[cisco-voip] CCMuser pages or not? (CUCM v7)
Bernhard Albler
bernhard.albler at gmail.com
Sun Feb 27 13:43:14 EST 2011
Hi all,
two answers:
1.)
I have one customer who has pretty much reimplemented CCMUSER and
quite a bit more as a part of a full management solution. It's pretty
darn cool (we can also configure unity etc. viy that page) but it was
quite a bit of work.
2.)I believe ASA Url filtering will not work because the page these
days are only available via SSL. So no luck there.
What I did at another customer was to use NGINX (www.nginx.net) as a
reverse proxy and then filter ccmuser. This is a bit more tricky than
necessary because CCMUser actually uses resources (images) pointing to
/ccmadmin/. So the config looks something like this:
server {
listen <VIRTUALIP>:443;
server_name <HOSTNAME>;
access_log /var/log/nginx/settings.access.log;
error_log /var/log/nginx/settings.error.log;
ssl on;
ssl_certificate /etc/certs/host.cert;
ssl_certificate_key /etc/certs/host.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
ssl_prefer_server_ciphers on;
keepalive_timeout 70;
location /nginx_status {
stub_status on;
access_log off;
}
location / {
rewrite ^/(.*) https://<HOSTNAME>/ccmuser permanent;
}
location /ccmuser/ {
proxy_set_header X-Real-IP $remote_addr;
#
# This line tells the application which URL to use as base_url:
#
proxy_set_header Host <HOSTNAME>;
proxy_set_header X-Host $host;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
#
# Here we point to Jetty
#
proxy_pass https://<REALCCM>/ccmuser/;
proxy_redirect default;
}
location /ccmadmin/loading-please-wait.jsp {
proxy_set_header X-Real-IP $remote_addr;
#
# This line tells the openms application which URL to
use as base_url:
#
proxy_set_header Host <HOSTNAME>;
proxy_set_header X-Host $host;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
#
# Here we point to the CCM
#
proxy_pass
https://<REALCCM>ccmadmin/loading-please-wait.jsp;
proxy_redirect default;
}
location /ccmadmin/themes/ {
proxy_set_header X-Real-IP $remote_addr;
#
# This line tells the application which URL to use as base_url:
#
proxy_set_header Host <HOSTNAME>;
proxy_set_header X-Host $host;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
#
# Here we point to the CCM
#
proxy_pass https://<REALCCM>/ccmadmin/themes/;
proxy_redirect default;
}
}
This also has the advantage that users can just enter <HOSTNAME> and
will drop to CCMUSER.
I believe you can do the same with a F5 or a ACE.
regards
bernhard
More information about the cisco-voip
mailing list