¶ Ingress
¶ External Network Access
To expose the MAM4PRO to the internet to be accessed remotely, you should configure an ingress using WebServicesProxy and NGINX in a single port.
- You can choose any port without messing with MAM4PRO settings/configs;
- You can choose HTTP or HTTPS;
- You can still access MAM4PRO internally without any downside or changes to its network model.
To begin, a valid self-signed certificate for the server must be created.
Note: the responsibility for the creation of the self-signed certificates is of the customer, not MOG’s. These certificates are for corporate use and therefore exclusive to the company.
Here is an example on how to create a self-signed certificate to include in MAM4PRO using OpenSSL in Linux:
openssl genrsa -out mog.key 2048
openssl rsa -in mog.key -out mog.key
openssl req -sha256 -new -key mog.key -out server.csr -subj '/CN=${HOSTNAME}'
openssl x509 -req -sha256 -days 365 -in server.csr -signkey mog.key -out server.crt
cat server.crt mog.key > bundle.pem
In the end, we will obtain the files mog.key and bundle.pem which must be placed in a folder of your choice i.e.: “C:\Users\MOG\Desktop\Certificates”.
To finish, copy both the certificates to the “C:\Program Files\MOG\MAM4PRO\WebServicesProxy\IngressServer\certificates” directory.
Note: In a default MAM4PRO instalation a dummy file is included. You should delete the file and only keep the bundle.pem and mog.key files in the folder.
¶ Enabling the Ingress Server
In order to use the certificates, the ingress server must be enabled. To do this, follow the next steps:
First, go to the following directory “C:\Program Files\MOG\MAM4PRO\mCore\www_mSRv3\WebSite\app\config\constants\” and edit the “ports.json” file setting the “useIngress” value to “true”:
Then, go to the directory “C:\Program Files\MOG\MAM4PRO\WebServicesProxy\IngressServer\conf” and edit the “nginx.conf” file making sure that both the “ssl_certificate” and “ssl_certificate_key” match what was created:
In the file above, you can configure the ports that NGINX will listen to.
By default, for HTTPS ingress access we include “listen 443 ssl;”. For HTTP access you can assign your own port (eg. 8530), just make sure that there isn’t any rule in the firewall blocking the access to the port.
Notes:
- If using HTTP remove the ssl attribute from the listen line;
- Port 80 is usually used by MAM4PRO and should not be used without changing it;
- You can listen to multiple ports, eg.:
listen 443 ssl;listen 8530 ssl;
¶ Activating Ingress
When installing MAM4PRO, make sure the component WebServicesProxy is installed:
Then, start theMAM4PRO services and activate the “Ingress Server” dependence:
All done with the configurations, now access your server using either your server’s name or the public DNS followed by the chosen port.
MAM4PRO should now be working on HTTPS (when using the ingress server dependence) or HTTP (if the ingress server dependence is disabled).