By: Maximo Dorrad user 23 Jun 2019 at 7:37 a.m. CDT

3 Responses
First of all, thanks for your great product. We have a company with the technical diagram below:

![](https://i.imgur.com/4g6YJBR.png)

In the past we deployed Gluu Server for local use (local.domain) and integrated local apps with it, and it is working well. Now we want to use it for our internet web apps, with this domain name: sso.test.com, and for the apps app1.test.com and app2.test.com, with a wildcard SSL (`*.test.com`) for all our subdomains.

In the first, simple approach we put Gluu behind our firewall and let traffic access it, so it is reachable on the web (https://sso.test.com). But the problem begins here: for security reasons we must not expose Gluu bare at the edge of our network, and we must take care in approaching this problem. I made a list of primary actions, like below:

1. Use a reverse proxy with a custom port
2. Change default ports
3. Etc.

In the first approach, I set proxy pass and reverse proxy pass in our nginx or Gluu httpd to make a reverse proxy connection from https://sso.test.com:33333 and pass it to https://sso.test.com. It worked, but maybe Gluu has an internal function to redirect all traffic to port 443, and this causes a problem: in my firewall rules we only allow access to port 33333 from the outside network, and while the reverse proxy does its job well, Gluu redirects the request to https://sso.test.com, and because of the mentioned firewall rule the connection is dropped and Gluu cannot be accessed. I want a setup in which the custom port (33333) is not changed during all actions.

What is the solution? Or is there any other advice?

By Michael Schwartz staff 24 Jun 2019 at 4 a.m. CDT

I would suggest keeping it simple and not changing to custom ports. If you update the JSON properties, I think custom ports are possible. But in security, the key is to keep things simple. The more complex, the harder to maintain over time. If you are worried about port conflicts, perhaps use a "virtual ethernet interface" on the server instead. You can overload one ethernet interface with more than one IP address, and this will enable you to re-use the 443 port on the same ethernet interface.

By Maximo Dorrad user 25 Jun 2019 at 10:27 a.m. CDT

Thanks for your suggestion. Let's keep things simple :). In other words, because of our network security policies I have one open port (like: 33333 >> https://sso.test.com:33333) and I must port forward it to port 443 (to reach Gluu's default SSL port). When this scenario is in operation, what happens is that Gluu insists on redirecting 33333 to 443, the URL becomes "https://sso.test.com", and in this situation the firewall cannot allow the connection and drops it.

**My whole issue is: how to overcome this port change?** With a reverse proxy? Port forwarding? A virtual ethernet interface? JSON properties modification (I ran a test and added the 33333 port to every sso.test.com, and after that Gluu did not work and I reinstalled it)? I just don't want to expose Gluu on port 443 over the internet.

By Michael Schwartz staff 01 Jul 2019 at 9:01 a.m. CDT

This is not a supported use case, but if you find a solution, please post it here. I see no good reason, either from a security or usability standpoint, to use a public port for SSL other than 443. Whatever the reason is, it's not a mainstream requirement.