No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R009C00 Local HA System Software Installation Guide (SUSE Linux + MySQL + OMMHA) 10

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
(Optional) Configuring Web LMT Proxy

(Optional) Configuring Web LMT Proxy

The Web LMT proxy needs to be configured only when the eLTE management component is installed and the Web LMT proxy service is required.

Context

If the eLTE management component is installed in eSight, you must configure Web LMT proxy.

Prerequisites

If the active and standby servers are connected, separate the servers by referring to "Disconnecting the Active and Standby Servers " in Appendix.

Basic Concepts

This topic describes the scenario, default setting, risks and suggestions, and other related concepts about Web LMT Proxy configuration.

Scenario
  • Versions before eCNS610 V100R004C00 do not support Web LMT.
  • The browsers supported by the Web LMT proxy function are subject to the browsers supported by the device Web LMT.

When devices and users are in different networks, the users can access the devices Web LMT only through the proxy function offered by the proxy server.

Before accessing the base station via a proxy capability of eSight, you must configure Web LMT Proxy rules referring to Operation Process.

Default Setting

By default, the proxy server is not started, the system does not offer a proxy authentication user, and source and destination IP address ranges are empty, indicating that no user is allowed to access any device through the proxy.

Risks and Suggestions

After the Web LMT proxy function is enabled, users with the source IP address range can access devices within the destination IP address range. There are certain security risks. Exercise caution when configuring the allowed source and destination IP address ranges.

Basic Concepts
  • Proxy authentication

    Requires user names and passwords before using LMT functions.

  • Source IP address range

    Controls the IP address range of clients that are allowed to use the Web LMT proxy. The IP address refers to the IP address of the host where the user browser is located.

  • Destination IP address range

    Controls the IP address range of devices that are allowed to pass through the Web LMT proxy.

Operation Process

This topic describes the process of configuring the Web LMT proxy.

Operation Process shows the process of configuring the Web LMT proxy.

Figure 7-4 Process of configuring the Web LMT proxy

Creating a Proxy User

This topic describes how to create a proxy user.

Context

The system allows users to access NEs through the proxy. When using the proxy function, you must enter the user name and password for authentication, increasing system security.

By default, the system has no proxy user. You must create a proxy user to use the proxy function.

Precautions
  • A password must contain at least one digit, uppercase letter, lowercase letter, and special character (!"#$%&'()*+,-./:;<=>?@[\]^`{_|}~).

    The password must meet the following rules:

    • The password must not contain the user name or the reversal of the user name.
    • The password ranges from 8 to 32 characters.
  • After a proxy user is created, the setting takes effect immediately. You do not need to restart the proxy server.
  • It is recommended that you change proxy user passwords at regular intervals to ensure the account security.
Procedure
  1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
  2. Run the following command to switch the directory:

    > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

  3. Create a proxy user.

    > ./htproxy.sh -au username

    New password: 
    Re-type new password:     
    NOTE:
    • While input the password in Linux operating system, the input traces are not displayed on the screen.
    • If no command output is displayed, the proxy user is created successfully.
    • Here, username indicates the name of the proxy user to be created. The username ranges from 8 to 32 characters.
    • You can run the preceding command for several times to add multiple proxy users.

Follow-up Procedure
  • Viewing the Proxy Users
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Run the following command to configure the list of proxy users.

      > ./htproxy.sh -lu

  • Changing the Proxy User Password
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Run the following command to change the password:

      > ./htproxy.sh -au username

      . 
      New password: 
      Re-type new password:     
      NOTE:
      • While input the password in Linux operating system, the input traces are not displayed on the screen.
      • If no command output is displayed, the password is changed successfully.
      • Here, username indicates the name of the proxy user whose password you want to change. If the proxy user does not exist, the proxy user will be created.
      • When a password is changed, the password takes effect immediately. You do not need to restart the proxy server.
  • Deleting a Proxy User
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Delete a proxy user.

      > ./htproxy.sh -ru username

      NOTE:
      • username indicates the name of the proxy user to be deleted.
      • After a proxy user is deleted, the setting takes effect immediately. You do not need to restart the proxy server.

Adding the Source IP Address Range

This topic describes how to add the source IP address range. The IP address refers to the IP address of the host where the user browser is located.

Procedure
  1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
  2. Run the following command to switch the directory.

    > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

  3. Run the following command to add the source IP address range.

    > ./htproxy.sh -as 104 10.1.1.0/24 or ./htproxy.sh -as 10.1.1.0/24

    NOTE:
    • The source IP address range must be in the format of IP address/mask length. You can add as many times as needed. Here, take "192.168.1.104 10.1.1.0/24" as an example:
    • 192.168.1.104: indicates that the IP address is allowed the access to the proxy server.
    • 10.1.1.0/24: indicates that all IP addresses within the subnet are allowed the access to the proxy server.
    • If the message "success, restart nginx to take effect please" is displayed, the IP address range is added successfully.

  4. If proxy server has been started, run the following command to restart the proxy server to make the modification take effect:

    > ./restart.sh

Follow-up Procedure
  • Viewing the Source IP Address Range
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Run the following command to view the source IP address range.

      > ./htproxy.sh -ls

  • Deleting the Source IP Address Range
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Run the following command to delete the source IP address range.

      > ./htproxy.sh -rs 104 10.1.1.0/24 or ./htproxy.sh -rs 10.1.1.0/24

      NOTE:
      • The IP address range must be in the format of IP address/mask length. You can add multiple network segments and separate them by space. Here, take "192.168.1.104 10.1.1.0/24" as an example:
      • 192.168.1.104: indicates that delete the IP address if it exists in source IP address list.
      • 10.1.1.0/24:indicates that delete all IP addresses within the subnet if they exist in source IP address list.
      • If the message "success, restart nginx to take effect please" is displayed, the IP address range is deleted successfully.
    4. If proxy server has been started, run the following command to restart the proxy server to make the modification take effect:

      > ./restart.sh

Adding the Destination IP Address

This topic describes how to add the destination IP address.

Procedure
  1. Log in to the active server and the standby serveras the ossuser user, perform the following steps.
  2. Run the following command to switch the directory.

    > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

  3. Run the following command to add the destination IP address.

    > ./htproxy.sh -ad 192.168.1.104 [port ID]

    NOTE:
    • If the port ID of the IP address is the default one, you do not need to add the port ID. If the port ID is not the default one, you need to add the port ID.
    • Take 192.168.1.104 83 as an example. In the example, 192.168.1.104 indicates that the Web LMT corresponding to the IP address can be proxied and 83 indicates the port number corresponding to the IP address.
    • If the message "success, restart nginx to take effect please" is displayed, the IP address is added successfully.

  4. If proxy server has been started, run the following command to restart the proxy server to make the modification take effect:

    > ./restart.sh

Follow-up Procedure
  • Viewing the Destination IP Address
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Run the following command to configure the destination IP address.

      > ./htproxy.sh -ld

  • Deleting the Destination IP Address
    1. Log in to the active server and the standby server as the ossuser user, perform the following steps.
    2. Run the following command to switch the directory.

      > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

    3. Run the following command to delete the destination IP address.

      > ./htproxy.sh -rs 192.168.1.104

      NOTE:
      • Take "192.168.1.104" as an example, indicates that delete the IP address if it exists in destination IP address list.
      • You can only delete the IP address which already exists. And you can operate many times as needed.
      • If the message "success, restart nginx to take effect please" is displayed, the IP address range is deleted successfully.
    4. If proxy server is not started, run the following command to start the proxy server to make the configuration take effect:

      > ./startup.sh

    5. If proxy server has been started, run the following command to restart the proxy server to make the modification take effect:

      > ./restart.sh

Start the Proxy Server

By default, the proxy server is not started. After the configuration is complete, you need to start the proxy server.

Procedure
  1. Log in to the active server and the standby serveras the ossuser user, perform the following steps.
  2. Run the following command to switch the directory.

    > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

  3. Run the following command to start the proxy server.

    If proxy server is not started, run the following command to start the proxy server to make the configuration take effect:

    > ./startup.sh

    If proxy server has been started, run the following command to restart the proxy server to make the modification take effect:

    > ./restart.sh

Stop the Proxy Server

When the proxy service is not required, stop the proxy server to reduce security risks.

Procedure
  1. Log in to the active server and the standby serveras the ossuser user, perform the following steps.
  2. Run the following command to switch the directory.

    > cd eSight installation directory/AppBase/3rdparty/nginx_ewl/bin

  3. Run the following command to stop the proxy server.

    > ./shutdown.sh

Proxy Authentication

After configuring Web LMT proxy, log in to the LMT through Nginx proxy.

Procedure
  1. Open a web browser, and enter https://eSight IP address:32143/Device IP address/login.html in the address box. Example: https://10.135.39.26:32143/10.137.63.230/login.html

    If the following page is displayed, the Web LMT proxy is started successfully.

  2. Click Continue to this website. In the authentication window that is displayed, enter the user name and password.

    • If the client and device IP addresses are within the allowed range, the Web LMT proxy asks you to enter the user name and password. Go to Step 3.

    • If the client or device IP address is beyond the allowed range, the Web LMT proxy rejects your service request.

  3. Log in to the LMT after the authentication succeeds.

Download
Updated: 2019-09-02

Document ID: EDOC1100011856

Views: 91065

Downloads: 53

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next