eSight公网访问配置问题

发布时间:  2016-10-22 浏览次数:  249 下载次数:  0
问题描述

只在出口路由器或者防火墙上面配置NAT无法实现,公网访问esight, 必须两部分都要配置。

处理过程

1. 进入eSight安装目录\AppBase\etc\oms.sso ,修改文件sso.xml 和 ssoclient.xml。修改私网地址和公网地址部分


<?xml version="1.0" encoding="UTF-8"?>
<sso-config> <param name="https-port">31942</param>
<!-- ssoserver https port  -->
<Param name="http-port">8087</Param>
<!-- ssoserver http port  -->
<param name="rmi-ip">127.0.0.1</param> <param name="rmi-port">31909</param> <param name="locale">en_US</param> <param name="rmi-checkCertCN">false</param> <param name="rmi-checkCertValidity">true</param> <param name="default-forward-url">https://私网地址:31943</param> <param name="client-trusted-ip">私网地址,公网地址</param> <param name="close-http-port">false</param> <param name="sslProtocols">SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2</param> <param name="webserverips">私网地址</param></sso-config>

<?xml version="1.0" encoding="UTF-8"?>

-<config name="oms">

<!-- Single Sign On -->


-<config name="sso">


-<config name="client">

<param name="enabled">true</param>

<param name="isLocalsso">true</param>

</config>


-<config name="servers">


-<config name="upper_layer_server">

<param name="name">10.20.16.6:8087</param>

<param name="public">https://公网地址:31942/sso</param>

<param name="private">http://私网地址:8087/sso</param>

<param name="logout">https://私网地址:31942/sso/logout</param>

</config>


-<config name="server">

<param name="name">私网地址:8087</param>

<param name="public">https://公网地址:31942/sso</param>

<param name="private">http://私网地址:8087/sso</param>

<param name="logout">https://私网地址:31942/sso/logout</param>

</config>


-<config name="server">

<param name="entryAddressMapping">公网地址</param>

<param name="name">私网地址:8087</param>

<param name="public">https://公网地址:31942/sso</param>

<param name="private">http://私网地址:8087/sso</param>

<param name="logout">https://公网地址:31942/sso/logout</param>

</config>


2. 出口路由器或者防火墙添加NAT配置

Nat server 公网地址 31943 inside 私网地址 31943

Nat server 公网地址 8080  inside 私网地址 8080

Nat server 公网地址 31942 inside 私网地址 31942


解决方案
需要Nat 及esight服务器同时配置

END