I wanted to redirect the web console to port 443, but the agents use that for communication with ePO. I could change the agent communication port, but I don't want to redeploy all the agents to fix their configurations. Thus, this madness was born.
You'll need to navigate to the ePO Apache server configuration directory:
X:\Program Files (x86)\McAfee\ePolicy Orchestrator\Apache2\conf
Edit httpd.conf to enable the proxy and rewrite modules:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
LoadModule rewrite_module modules/mod_rewrite.so
Then add some rewrite rules to the bottom of the VirtualHost block in ssl.conf:
RewriteEngine On
ProxyPreserveHost On
SSLProxyEngine On
# Ignore certificate issues
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
# Reverse proxy websockets (or attempt to)
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) wss://epo.server.fqdn:8007/$1 [P,L]
# Reverse proxy any browser user agent
RewriteCond %{HTTP_USER_AGENT} (Firefox|Chrome|Trident)
RewriteRule /?(.*) https://epo.server.fqdn:8007/$1 [P,L]
And that should about do it. Just restart the ePO Server service (mcafeeapachesrv).
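The four directives under "Ignore certificate issues" turn off every check on the certificate presented by the console on port 8007, so the proxied hop is encrypted but not authenticated. The variant below is an added example, not part of the original configuration, that keeps verification on. It assumes the certificate served on port 8007 is valid for epo.server.fqdn and that its issuing CA has been exported to a PEM file; the file name is a hypothetical placeholder.

```apache
# Added example: replaces the "Ignore certificate issues" directives.
SSLProxyEngine On

# Require a certificate from the backend that chains to a trusted CA
SSLProxyVerify require
SSLProxyVerifyDepth 2

# Hypothetical path: PEM file holding the CA (or the self-signed certificate)
# that signs the certificate served on epo.server.fqdn:8007
SSLProxyCACertificateFile conf/ssl.crt/console-backend-ca.pem

# Hostname and expiry checks left on (both are on by default)
SSLProxyCheckPeerName on
SSLProxyCheckPeerExpire on
```

If the proxied connection fails after this change, the Apache error log reports which check rejected the backend certificate.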
Due to the above shenanigans, I had to edit the ssl.conf in order to add my SSL certificates:
# Path to the x509 certificate in PEM format
SSLCertificateFile conf/ssl.crt/my-new-cert.crt
# Path to the unencrypted RSA key in PEM format
SSLCertificateKeyFile conf/ssl.crt/my-new-cert.key
# Path to the CA certificate chain for this cert
SSLCertificateChainFile conf/ssl.crt/my-new-cert.pem
To fix the warning about the SSL Session Cache, add the following line to httpd.conf:
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
And add (or uncomment) the following line in the ssl.conf:
SSLSessionCache shmcb:logs/ssl_scache(512000)
Then restart the ePO Server service as per above.