ServiceDesk Plus Public Access For All!

We often get asked how best to access ServiceDesk Plus ‘publicly’ from the Internet without the use of dedicated connections or VPN services.  

There are no specific features in ServiceDesk Plus to do this other than in the ‘Self-Service Portal Settings’ where you would configure a URL Alias of a Fully Qualified Domain Name (FQDN) that would be published internally and externally on the Internet:

This URL Alias is used in all the notification messages sent by ServiceDesk Plus.

Now we could simply publish the internal ServiceDesk Plus server directly through the organisation’s firewall out onto the Internet. However, this obviously presents some major security issues should the ServiceDesk Plus server be in any way compromised.

A relatively simple solution to this might be to make use of a Reverse Proxy such as NGINX. Here you can configure a separate server as a Reverse Proxy to relay all incoming requests from the external Internet to the ServiceDesk Plus server. The Reverse Proxy server itself can be located on a DMZ network of the organisation’s firewall and appropriate rules used to control and analyse the traffic for potential threats.

Using NGINX is relatively simple and is available as open-source software. Details for a Windows version are detailed below:

http://nginx.org/en/docs/windows.html

In order to run NGINX successfully, you’ll need to edit the ‘nginx.conf’ file in the unpacked ‘nginx-1.9.15conf folder’ and specify the correct details for the elements shown in bold:

    server {

        listen       8888;

        #tells Nginx the hostname and the TCP port where it should listen for HTTP connections.

        # set this to the same port as your internal SD+ server port;

        server_name  172.16.99.131;

        # lets you doname-based virtual hosting

        # set this to the IP address or hostname of your reverse proxy server

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {

        # The location setting lets you configure how nginx responds to requests for resources

        # within the server.

            root   html;

            index  index.html index.htm;

proxy_pass http://10.0.0.10:8888;

        # Set the proxy_pass details to the internal IP address or hostname of your internal

        # SD+ server

        }

In this case, it is now possible to access my internal ServiceDesk Plus server, which is running on 10.0.0.10:8888, via the NGINX reverse proxy server, which is running on 172.16.99.131:8888.

Other options exist for enabling HTTPS listening ports with appropriate certificates, which are far too detailed to go into here, but hopefully, we’ve managed to highlight a potential solution for allowing public access to your installation of ServiceDesk Plus.

Enjoy!

For more ServiceDesk Plus enquiries contact us or feel free to check out our Services