[cisco-voip] CCMuser pages or not? (CUCM v7)

Bernhard Albler bernhard.albler at gmail.com
Sun Feb 27 13:43:14 EST 2011


Hi all,
two answers:
1.)
I have one customer who has pretty much reimplemented CCMUSER and
quite a bit more as a part of a full management solution. It's pretty
darn cool (we can also configure unity etc. viy that page) but it was
quite a bit of work.


2.)I believe ASA Url filtering will not work because the page these
days are only available via SSL. So no luck there.

What I did at another customer was to use NGINX (www.nginx.net) as a
reverse proxy and then filter ccmuser. This is a bit more tricky than
necessary because CCMUser actually uses resources (images) pointing to
/ccmadmin/. So the config looks something like this:
server {
        listen                          <VIRTUALIP>:443;
        server_name                    <HOSTNAME>;
        access_log                      /var/log/nginx/settings.access.log;
        error_log                       /var/log/nginx/settings.error.log;

        ssl on;
        ssl_certificate                 /etc/certs/host.cert;
        ssl_certificate_key             /etc/certs/host.key;
        ssl_session_timeout             5m;

        ssl_protocols                   SSLv2 SSLv3 TLSv1;
        ssl_ciphers
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers       on;

        keepalive_timeout               70;

        location /nginx_status {
                stub_status             on;
                access_log              off;
        }

        location / {
        rewrite ^/(.*) https://<HOSTNAME>/ccmuser permanent;
        }

location /ccmuser/ {

                proxy_set_header        X-Real-IP  $remote_addr;

                #
                # This line tells the application which URL to use as base_url:
                #
                proxy_set_header        Host <HOSTNAME>;
                proxy_set_header        X-Host $host;
                proxy_set_header        X-Forwarded-For
$proxy_add_x_forwarded_for;

                #
                # Here we point to Jetty
                #
                proxy_pass              https://<REALCCM>/ccmuser/;
                proxy_redirect          default;
        }
location /ccmadmin/loading-please-wait.jsp {

                proxy_set_header        X-Real-IP  $remote_addr;

                #
                # This line tells the openms application which URL to
use as base_url:
                #
                proxy_set_header        Host <HOSTNAME>;
                proxy_set_header        X-Host $host;
                proxy_set_header        X-Forwarded-For
$proxy_add_x_forwarded_for;

                #
                # Here we point to the CCM
                #
                proxy_pass
https://<REALCCM>ccmadmin/loading-please-wait.jsp;
                proxy_redirect          default;
        }


location /ccmadmin/themes/ {

                proxy_set_header        X-Real-IP  $remote_addr;

                #
                # This line tells the application which URL to use as base_url:
                #
                proxy_set_header        Host <HOSTNAME>;
                proxy_set_header        X-Host $host;
                proxy_set_header        X-Forwarded-For
$proxy_add_x_forwarded_for;

                #
                # Here we point to the CCM
                #
                proxy_pass              https://<REALCCM>/ccmadmin/themes/;
                proxy_redirect          default;
        }
}

This also has the advantage that users can just enter <HOSTNAME> and
will drop to CCMUSER.
I believe you can do the same with a F5 or a ACE.

regards
bernhard


More information about the cisco-voip mailing list