Remote access to webadmin

[JEP]

Is there no configuration setting to allow webadmin for a server to be accessed remotely? I have searched the GUI and dug around for anything in a .conf file and could not find anything documented.

If not, it seems a bit of a missing feature. Many servers are often primarily administered remotely. Having to remote desktop to a windows server just to run a web browser seems to add an unnecessary hurdle.

[S_Luis]

Hi JEP! First of all, and this is important:

Which platform are you running the Plastic SCM Server on? (Windows / macOS / GNULinux) What flavor of the server are you using? (regular / .NET Core bundle).

It is completely doable to acces a server remotely - you just need to use the secure port. By default it is 7179, and it requires your Plastic SCM server to listen in a SSL port as well (as it uses the same certificate). Let me elaborate:

You see, starting in release 9.0.16.4392, we changed how the WebAdmin listens to requests. The ports I'm going to talk about are defined in server.conf (but might not appear if you use their default value).

• Port WebAdminToolPort (by default 7178) listens ONLY through HTTP, and attends only requests from localhost. This cannot be changed, and it works this way to prevent security issues.
• Port WebAdminToolSslPort (by default, 7179) listens ONLY through HTTPS, and attends requests both from localhost and any other origin.

The WebAdmin starts its 7179 port ONLY if you also have a SSL port defined in your network.conf. This is because the WebAdmin uses the same certificate as the "regular" Plastic SCM server ports. You can add an SSL port by editing your network.conf file and adding the "security" property to the port you want to securize.

[
  {
    "port": 8084
  },
  {
    "security": "ssl",
    "port": 8085
  }
]

Let me know if you could access your Plastic SCM server!

[JEP]

Okay, this makes sense and I was able to access it remotely using https://server:7179 (this is a regular Windows server, BTW). Thanks for the help.

What would avoid this potential pitfall with people evaluating/using Plastic SCM would be updating the PLASTIC SCM ADMINISTRATOR'S GUIDE. Specifically, the section "Accessing the webadmin". Right now, it says, "Open your favorite web browser and connect to your server address like this: http://ipserver:7178. We do not support HTTPS yet. So, don't open it up to the Internet."

Seems that has not been updated since you added those features.

[S_Luis]

Not yet, you are completely right, and I'm sorry the documentation was misleading. We still need to update it, and I'll make sure it gets pushed and done. Thank you for your understanding, I'm glad we could solve your issue

[DarkCamper]

Hi! Sorry for hijacking this post, but I think my petition is closely related:

Could you please reconsider allowing (via configuration??) HTTP requests from outside localhost again? There are cases when there's an existing external reverse proxy that already manages SSL certs and other aspects of the connections (e.g. traefik + kubernetes), where having to worry about webadmin ssl configuration (or having to install some sort of reverse proxy inside the plasticd machine) seems really unnecessary.

[JEP]

Please don't hijack threads. Anyone can create threads at any time, so do that. The codice staff seem to read them all.

By hijacking, you just send notifications to the original poster, including any replies to your post, thus annoying them with things that are off topic to their post. :/

[mjensen]

Hi, i've tried to follow your steps S_Luis, but i can't find the network.conf file. Where is it supposed to be? 
I'm working on a linux machine - debian 10.5 if that makes any difference.
I'm using plasticscm-server-core version 9.0.16.4484.

When i search search for .conf files i don't find a network.conf, but i find a remoting.conf which the documentation states should be automatically converted into network.conf. Should remoting.conf delete itself after converting, or is it something runtime so when i search for files it will appear?
I haven't been able to connect with the https:// :7179 port. I can open the webadmin from localhost, connect to it through the plastic gui as wel as create a new repository so I believe the service runs.

netstat prints

I tried to connect by ipv6 but that failed as well.

Do you have any steps i can take?

Thanks in advance.

[Sundar]

@mjensen- I realize I'm coming into this way late (a year!!). The file is /opt/plasticscm5/server/network.conf. You may have to create it if it does not exist. Note that for most situations you'll want to use port 8087 and 8088 rather than the 8084 and 8085 that was mentioned previously (those may be internal to Codice?). So you're network.conf should look like this:

[
  {
    "port": 8087
  },
  {
     "security": "ssl",
     "port": 8088
  }
]

@S_Luis - can you please clarify the ports that are in your post (8084, 8085) vs what was recommended to me by Codice support (Carlos) who suggested I use 8087 and 8088. Does it matter what the ports are? Also, is this documented somewhere that I missed? Thanks!