HTTPS component

This is an executable file named webproxy_windows_amd64 for Windows or webproxy_linux_amd64 for Linux. The settings for the component are specified in the configuration file webproxy.toml as shown below.

The component supports three launch options: from the console, as a Windows service, or a Linux daemon. They are configured in the same way as for the previously discussed traffic component for TrueConf, but with a number of differences:

• You need to configure certificate operation beforehand;

• Next to the executable file, you need to create a configuration file webproxy.toml;

• The file is launched with the run parameter (more details on the use in Windows and Linux are provided below).

Certificate configuration

1. If a <to-site "alias="cert-settings">self-signed certificate is configured on TrueConf Server, download it via the link Download ca.crt in the Self-signed certificate section and add it to the trusted root certificates on the machine with TrueConf Border Controller. Check the documentation for your OS to learn how this can be done.

For example, on Debian:

• Copy the certificate file to the certificate storage in the directory usr/local/share/ca-certificates/:

sudo cp ca.crt /usr/local/share/ca-certificates/

• Update the certificate storage with this command:

sudo update-ca-certificates -v

If there is an error message indicating that the command was not found, install its package from the repository:

sudo apt install -y ca-certificates

• To check if your OS trusts the certificate, run this command:

openssl verify /usr/local/share/ca-certificates/ca.crt

2. In the TrueConf Server control panel, go to the Web → Settings section and specify the address of the machine with TrueConf Border Controller in the External address of TrueConf Server web field.

3. Create a certificate for the machine with TrueConf Border Controller. If you do not have a commercial certificate, you can create a self-signed certificate as it is described in our knowledge base.

4. Copy the certificate and key obtained at step 3 to the directory <path_to_border_controller>\etc\crt\ where <path_to_border_controller> is the path to the executable file of the component.

5. Rename the certificate and key files as <guid>.crt and <guid>.key where <guid> is a 128-bit GUID identifier which will be the same for both files. It can be generated with the help of the online service UUID Generator (opens new window).

Creation of the configuration file

Create the configuration file webproxy.toml in the directory where the executable file of the component is stored:

[certificate]
cert_extension = '.crt'
key_extension = '.key'

[dir]
executable_relative = true
installation = 'C:\TrueConf Border Controller'

[file]
configname = 'webproxy'

[interfaces]
[interfaces.list]
[interfaces.list.0]
Address = '[::]:443'
EnableTLS = true
ReadTimeout = 0
TLSConfigID = 'd25ceb20-f473-41dc-8db9-37f4dec1a3d1'
TargetID = 'a824b5cb-c92d-4a52-a5cc-434fecaba6a8'

[interfaces.list.1]
Address = '[::]:80'
EnableTLS = false
ReadTimeout = 0
TLSConfigID = ''
TargetID = '2f0dbf86-8378-41fc-9c5a-89a43728a0b7'

[proxy]
trust_client_headers = true

[targets]
[targets.list.a824b5cb-c92d-4a52-a5cc-434fecaba6a8]
address = '10.110.2.82:443'
is_secure = true

[targets.list]
[targets.list.2f0dbf86-8378-41fc-9c5a-89a43728a0b7]
address = '10.110.2.82:80'
is_secure = false

[tls]
[tls.list]
[tls.list.d25ceb20-f473-41dc-8db9-37f4dec1a3d1]
CertificateID = 'd25ceb20-f473-41dc-8db9-37f4dec1a3d1'
CertificateType = 'user-provided'
DisplayName = 'My TLS configuration'
ID = 'd25ceb20-f473-41dc-8db9-37f4dec1a3d1'

where you have to specify the following values:

• in the [dir] section:

  • installation — the path to the executable file of the component

• in the section [interfaces.list.0]:

  • Address — HTTPS port if it is different from the standard 443

  • TLSConfigID — the name of the certificate and key files received at step 5

  • TargetID — GUID for identifying a block of HTTPS settings from the [targets] section

• in the section [interfaces.list.1]:

  • Address — the port for accessing the control panel via HTTP if the port is different from the standard 80 port

  • TargetID — GUID for identifying a block of HTTP settings from the [targets] section

• for each [targets.list.<guid>] blocks in the [targets] section:

  • generate unique GUIDs and add them instead of <guid>

  • address — IP address or FQDN of TrueConf Server and the port for the transfer of traffic from the component

  • is_secure — the value is equal to true if an HTTPS port was specified for the address parameter of the current [targets.list.<guid>] block ; otherwise it is equal to false

• in the [tls] section:

  • for the [tls.list.<guid>] block name, replace <guid> with the TLSConfigID value (it is also the name of the certificate file from step 5)

  • CertificateID and ID — value of TLSConfigID.

7. Save the file webproxy.toml and run the component.

Starting the component on Windows OS

To launch the component from the console, execute the following command:

<path_to_border_controller> run

where <path_to_border_controller> is the path to the executable file. For example:

c:\Program Files\TrueConf\webproxy_windows_amd64.exe run

Creating a service is similar to the instructions discussed for the tc_bc component, only you need to specify c:\Program Files\TrueConf\webproxy_windows_amd64.exe run as the file path (parameters BinaryPathName or binPath).

Starting the component on Linux OS

To launch the component from the terminal, execute the command:

<path_to_border_controller> run

where <path_to_border_controller> is the path to the executable file. For example:

/opt/trueconf/enterprise/etc/bc/webproxy_linux_amd64 run