Implementing secure gateway server for ServiceDesk Plus

Implementing secure gateway server for ServiceDesk Plus

As per the RBI guidelines, FOS and Secure Gateway Server features are mandatory for all hosted software used in the banking domain. We can achieve a service gateway server in the service desk plus by following the below steps:
Steps to Integrate with NGinx Server:
  • What is NGinx server? NGINX is a web server that also acts as an email proxy, reverse proxy, and load balancer.

 

 

  • We need to install nginx server in the Separate server which is in the DMZ Zone

 

  • Extract the downloaded zip file.

 

  • After extracting the zip file, need to modify the nginx.conf file to enable URL restriction for mobile apps.

 

  • Open the nginx.conf file which is available under "nginx/conf/" directory.

 

  • Replace the nginx.conf file with the below configuration file.

                   Nginx Configuration file: refer to the nginx attached file

 

Refer to the below configurations to configure the NGinx server's port.

  server {

      # Below to change the nginx server's port

        listen       80;

  #Refer to the below configuration to configure the nginx domain

  • Refer to the below configurations to configure the ServiceDesk Plus server name/IP and port in nginx.conf file. For Example,

upstream internalserver {

    server 192.168.18.280:8080; }

  # Default is HTTP Mode

  location ~ /api/v3/requests/([0-9]+) {

     if ($request_method = GET) {

          proxy_pass http://internalserver;  

     }

           if ($request_method = PUT) {

          proxy_pass http://internalserver;  

     }

           if ($request_method = POST) {

          proxy_pass http://internalserver;  

     }

  

  }

#If you wish to change to HTTPS Mode change all the proxy_pass http://internalserver to https://internalserver

     location ~ /api/v3/requests/([0-9]+) {

     if ($request_method = GET) {

          proxy_pass https://internalserver;  

     }

           if ($request_method = PUT) {

          proxy_pass https://internalserver;  

     }

           if ($request_method = POST) {

          proxy_pass https://internalserver;  

     } }

  

  • Refer to the below configurations to run the nginx server in https mode.

    

  # HTTPS server

    

    server {

        listen       443 ssl;

        server_name  localhost;

       # If you place crt and key files under nginx\conf folder then we also use the path "\nginx\conf\cert.crt"

        ssl_certificate      cert.crt;

        ssl_certificate_key  cert.key;

 

        ssl_session_cache    shared:SSL:1m;

        ssl_session_timeout  5m;

 

        ssl_ciphers  HIGH:!aNULL:!MD5;

        ssl_prefer_server_ciphers  on;

 

        location / {

           proxy_pass://localhost:8080;

 

        } }

  • Start the nginx server

 

     Open the command prompt, under the nginx server installed directory and execute the below command.

                                Command: start nginx.exe (or) start nginx

     Use the below command to shutdown the nginx server

                                Command for fast shutdown: nginx -s stop  

        Command for graceful shutdown: nginx -s quit 

Note:

  • Refer to the below configurations to configure the ServiceDesk Plus server name/IP and port.

 

location /api/v3/mobile_devices  {

    # Below to configure the servicedeskplus server details

     proxy_pass  http://192.168.19.35:8080; }

  • Refer to the below configurations to redirect the mobile app URLs to ServiceDesk Plus server.

 

location /api/v3/app_resources/authenticate {

     proxy_pass http://192.168.19.35:8080;

}

# whitelist the api/v3/solutions (GET) by below configuration

location ~ /api/v3/solutions/([0-9]+) {

    if ($request_method = GET) {

     proxy_pass http://localhost:8080;  

    }

}

# Other url's are blacklisted by using below configuration

location / {

    # block this url Or redirect to error page

   proxy_pass http://192.168.19.35:8080/jsp/pagenotfound.jsp; }



                  New to ADSelfService Plus?

                    • Related Articles

                    • Best Practices to Secure the application (ServiceDesk Plus - MSP & Supportcenter Plus)

                      This document is common for ServiceDesk Plus MSP and Supportcenter Plus application Best practices to avoid threats: Upgrade to the latest version and builds. Reset the password of bundled accounts (administrator and guest) Enable two-factor ...
                    • Host ServiceDesk Plus on the Internet

                      In order to make ServiceDesk Plus available for users on Internet, let us assume the following scenarios. Scenario 1: ServiceDesk Plus is installed in LAN and should be available in LAN and WAN: Assume ServiceDesk Plus is installed on a server in the ...
                    • How to redirect ServiceDesk Plus URL from HTTP to HTTPS

                      Follow the steps given below to set up the redirection from HTTP to HTTPS, For version 9.4 and above Step 1: Go to the below location and open the file 'server.xml' with a word pad and add the below entry in the file as shown in the image. ...
                    • Implementing a Comprehensive Change Catalog in ServiceDesk Plus

                      Dear Community, We are excited to introduce a document designed to streamline the management of frequently occurring changes within ServiceDesk Plus. This document( Attached) provides a detailed guide on creating a Change Catalog, a interim approach ...
                    • How to migrate ServiceDesk Plus from one server to another

                      Following are the steps to move data from the existing server to a new server, Step 1: Stop ManageEngine ServiceDesk Plus service. Step 2: Kindly Upgrade ServiceDesk Plus if required. Refer to the link below to check if you are in the latest version, ...