Network Configuration for HTTPS and Remote Access - abcsoftware/abc-docs GitHub Wiki
For configuring https without opening your router to the WAN, see Using-SSL-Certificates-in-Server-Core instead of this page. You'll need to know a few things about your network configuration:
- your router login credentials
- your WAN address
- whether or not you already have a DNS name pointing to your WAN address If these terms or information are unclear to you, enlist the help of your IT support people to do the configuration.
DNS name
If you have a static IP address and a domain name, you can add an A record to the domain registration data to point the DNS name to your WAN address. We suggest using the sub-domain "abc" for access to your ABC server—for example, abc.companyname.com. If you can't get a static IP address from your internet provider you'll need to register a domain name from a dynamic domain service, such as https://www.noip.com/remote-access. Test this step by pinging the DNS name and verifying the IP address is your WAN address. Additional companies can be sub-domains using CNAME records pointing to the A record domain.
Port Forwarding
Login to your router and forward the necessary ports to your ABC Server computer. For ABC Client4 access from outside, UDP port 3996 is the standard port. ABC Server Core, including the reports dispatched from Client4, uses the standard HTTPS TCP port 443. For auto-updating certificates through Let's Encrypt, you'll also need to forward the standard HTTP TCP port 80.
Firewall
Ensure that the above forwarded ports are allowed past any firewalls protecting the server computer.
Internal Access to the Server
You'll need to be able to access the server from your local network computers at the same DNS name as used for remote access. This can be done in two different ways.
Split DNS
Your DNS server can be configured to provide the local internal address of your server for the DNS name.
Router Loopback
Your router can allow access to the WAN address by looping it back to the port forwarding. This is generally not enabled by default. Specifics vary by the brand of the router.
ABC Configuration
When the above configuration steps are in place we can proceed with configuring ABC. The page on Using-SSL-Certificates-in-Server-Core may be helpful.