The principal need for an SSL tunnel is when a client wishes to securely communicate with a non-secure daemon. In this case, a middle layer is required, which will negotiate the encryption parameters (public key/certificate) with the client, and will communicate with the non-secure daemon in a non-secure way, after decrypting the data that was sent by the client. While earlier versions of Parallels Pro used stunnel, a universal SSL tunnel wrapper, it now uses a more powerful redirection using Apache and mod_rewrite.
The problem with the new approach is that the configuration file eplhttpd.conf actually contains the IP address of the server to which it should communicate when using the non-secure port. In a NAT environment, if you are accessing Parallels Pro from outside your network, the IP address of the server, for example, https://1.2.3.4:19638/isp/, may get translated to an internal IP address, https://10.12.3.4:19638/isp/. In this case, although the HTTPS URL contains the IP address 1.2.3.4, the Parallels Pro daemon eplhttpd should fetch the non-secure page from 10.12.3.4. Similarly, any absolute links that refer to the same Parallels Pro server should refer to 1.2.3.4, as that is the IP address from which the server will be accessed.
To ensure successful secure connections to the Parallels Pro Control Panel interface, you must modify the eplhttpd_ipaddress directive in the configuration file /usr/lib/ensim/frontend/httpd/conf/eplhttpd.conf as required. The default vale of this directive is set to the server's IP address.
Previous page
Next page
Locate page