[cisco-voip] CCMuser pages or not? (CUCM v7)
Lelio Fulgenzi
lelio at uoguelph.ca
Sun Feb 27 23:03:58 EST 2011
thanks Bernhard,
you confirmed many of my suspicions and some of my findings.
---
Lelio Fulgenzi, B.A.
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Cooking with unix is easy. You just sed it and forget it.
- LFJ (with apologies to Mr. Popeil)
----- Original Message -----
From: "Bernhard Albler" <bernhard.albler at gmail.com>
To: "Anthony Holloway" <avholloway+cisco-voip at gmail.com>
Cc: "Lelio Fulgenzi" <lelio at uoguelph.ca>, "cisco-voip voyp list" <cisco-voip at puck.nether.net>
Sent: Sunday, February 27, 2011 1:43:14 PM
Subject: Re: [cisco-voip] CCMuser pages or not? (CUCM v7)
Hi all,
two answers:
1.)
I have one customer who has pretty much reimplemented CCMUSER and
quite a bit more as a part of a full management solution. It's pretty
darn cool (we can also configure unity etc. via that page) but it was
quite a bit of work.
2.) I believe ASA URL filtering will not work because the pages these
days are only available via SSL. So no luck there.
What I did at another customer was to use NGINX (www.nginx.net) as a
reverse proxy and then filter ccmuser. This is a bit more tricky than
necessary because CCMUser actually uses resources (images) pointing to
/ccmadmin/. So the config looks something like this:
server {
    listen <VIRTUALIP>:443;
    server_name <HOSTNAME>;
    access_log /var/log/nginx/settings.access.log;
    error_log /var/log/nginx/settings.error.log;

    ssl on;
    ssl_certificate /etc/certs/host.cert;
    ssl_certificate_key /etc/certs/host.key;
    ssl_session_timeout 5m;
    # SSLv2/SSLv3 and the LOW/EXP cipher classes are obsolete; restrict
    # both lists on a current nginx/OpenSSL build.
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 70;

    location /nginx_status {
        stub_status on;
        access_log off;
    }

    # Anything not matched by a more specific location is sent to /ccmuser
    location / {
        rewrite ^/(.*) https://<HOSTNAME>/ccmuser permanent;
    }

    location /ccmuser/ {
        proxy_set_header X-Real-IP $remote_addr;
        #
        # This line tells the application which URL to use as base_url:
        #
        proxy_set_header Host <HOSTNAME>;
        proxy_set_header X-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #
        # Here we point to Jetty
        #
        proxy_pass https://<REALCCM>/ccmuser/;
        proxy_redirect default;
    }

    location /ccmadmin/loading-please-wait.jsp {
        proxy_set_header X-Real-IP $remote_addr;
        #
        # This line tells the openms application which URL to use as base_url:
        #
        proxy_set_header Host <HOSTNAME>;
        proxy_set_header X-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #
        # Here we point to the CCM
        #
        proxy_pass https://<REALCCM>/ccmadmin/loading-please-wait.jsp;
        proxy_redirect default;
    }

    location /ccmadmin/themes/ {
        proxy_set_header X-Real-IP $remote_addr;
        #
        # This line tells the application which URL to use as base_url:
        #
        proxy_set_header Host <HOSTNAME>;
        proxy_set_header X-Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        #
        # Here we point to the CCM
        #
        proxy_pass https://<REALCCM>/ccmadmin/themes/;
        proxy_redirect default;
    }
}
This also has the advantage that users can just enter <HOSTNAME> and
will drop to CCMUSER.
I believe you can do the same with an F5 or an ACE.
regards
bernhard
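
A way to check which request paths the config above forwards to the CUCM, as an added example that is not part of the original message: a small Python model of nginx prefix-location selection over the five location blocks. The URI normalization is an approximation of nginx's, and the sample paths are constructed.

```python
from urllib.parse import unquote

# Prefix locations from the config above and what each one does with a request.
LOCATIONS = {
    "/": "redirect",                               # rewrite to /ccmuser
    "/nginx_status": "status",                     # stub_status page
    "/ccmuser/": "proxy",
    "/ccmadmin/loading-please-wait.jsp": "proxy",
    "/ccmadmin/themes/": "proxy",
}


def normalize(raw_path):
    """Approximate nginx URI normalization: drop the query string, decode
    %XX, merge repeated slashes and resolve "." and ".." segments."""
    path = unquote(raw_path.split("?", 1)[0])
    segments = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    norm = "/" + "/".join(segments)
    if segments and path.endswith(("/", "/.", "/..")):
        norm += "/"
    return norm


def handler(raw_path):
    """Return what the modelled config does with raw_path."""
    path = normalize(raw_path)
    # For a proxied location ending in "/", nginx answers a request for the
    # same name without the slash with a 301 that appends it.
    if LOCATIONS.get(path + "/") == "proxy":
        return "slash_redirect"
    # No regex or "=" locations here, so the longest matching prefix wins.
    best = max((p for p in LOCATIONS if path.startswith(p)), key=len)
    return LOCATIONS[best]


if __name__ == "__main__":
    # Constructed sample paths, not taken from a real CUCM.
    for sample in ("/ccmuser/page.do", "/ccmadmin/", "/ccmadmin/themes/a.css",
                   "/ccmadmin/themes/../x.jsp", "/ccmadmin/loading-please-wait.jspx"):
        print(f"{sample:40} -> {handler(sample)}")
```

Because the loading-please-wait.jsp block is a prefix location, longer paths that start with that string are forwarded as well; writing it as `location = /ccmadmin/loading-please-wait.jsp` restricts it to the exact path.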