<p>Apache reverse proxy for RDP over HTTPS (Windows Server 2008 R2)<br />
Notre blog en mousse \o/ (Les Lamas !), by Ruliane, published 2016-07-25, updated 2017-02-09<br /></p>
<p>Generate a self-signed certificate:<br /></p>
<blockquote><p>openssl req -newkey rsa:2048 -nodes -keyout myrdp.mydomain.key -x509 -days 365 -out myrdp.mydomain.crt<br /></p></blockquote>
<blockquote><p>openssl pkcs12 -inkey myrdp.mydomain.key -in myrdp.mydomain.crt -export -out myrdp.mydomain.pfx<br /></p></blockquote>
<p><br />
Import the certificate into the "Personal" store of the RDS server and disable all certificate purposes except "Server Authentication".<br />
<br />
Install the "Remote Desktop Services" role with the "gateway manager" role service (Remote Desktop Gateway).<br />
<br />
Apache configuration:</p>
<pre>
<VirtualHost *:443>
    ServerName myRDP.domain

    # TLS towards the RDP clients
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/myrdp.crt
    SSLCertificateKeyFile /etc/apache2/ssl/myrdp.key

    CustomLog ${APACHE_LOG_DIR}/myrdp.log combined
    ErrorLog ${APACHE_LOG_DIR}/myrdp.log
    #LogLevel info proxy_msrpc:trace2

    # TLS towards the RDS server; the CN/name checks on its certificate are switched off
    SSLProxyEngine On
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off

    # Enable RPC over HTTPS (mod_proxy_msrpc)
    OutlookAnywherePassthrough On

    # Reverse proxy only, no forward proxying
    ProxyRequests Off
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    ProxyPass / https://RDPServer/
    ProxyPassReverse / https://RDPServer/
</VirtualHost>

# Send plain HTTP to the HTTPS virtual host
<VirtualHost *:80>
    ServerName myrdp.domain
    Redirect / "https://myrdp.domain/"
    CustomLog ${APACHE_LOG_DIR}/myrdp.log combined
    ErrorLog ${APACHE_LOG_DIR}/myrdp.log
</VirtualHost>
</pre>
<p>Issue: the certificate must be recognized as a CA on the client.</p>
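<p>Added example, not part of the original post: the certificate step at the top made non-interactive, with the gateway name in CN and subjectAltName and the purpose limited to server authentication at issuance, followed by an OpenSSL check that treats the certificate as its own trusted CA, as a client does once it has imported it. The host name <code>myrdp.mydomain</code>, the function names and the temporary directory are assumptions; <code>-addext</code> needs OpenSSL 1.1.1 or later.</p>

```shell
#!/bin/sh
# Added example. Host name, file names and function names are assumptions.

# make_cert HOST DIR: key and self-signed certificate for HOST, no prompts.
make_cert() {
    host=$1; dir=$2
    openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -addext "extendedKeyUsage=serverAuth" \
        -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
}

# check_cert HOST CRT KEY: succeeds only if KEY belongs to CRT and CRT
# validates as a TLS server certificate for HOST when it is itself the
# trusted CA (what importing it into the client's root store amounts to).
check_cert() {
    host=$1; crt=$2; key=$3
    pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ "$pub" = "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" ] || return 1
    openssl verify -CAfile "$crt" -purpose sslserver \
        -verify_hostname "$host" "$crt" >/dev/null 2>&1
}

# Demo on a constructed host name, in a throw-away directory.
demo() {
    tmp=$(mktemp -d) || return 1
    make_cert myrdp.mydomain "$tmp" &&
    check_cert myrdp.mydomain "$tmp/myrdp.mydomain.crt" "$tmp/myrdp.mydomain.key"
    rc=$?
    rm -rf "$tmp"
    return $rc
}
demo && echo "certificate OK for myrdp.mydomain"
```

<p>A certificate that fails <code>check_cert</code> for the name clients type as the gateway address will still be rejected by them after it has been added to their trusted roots.</p>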