I have a test BigFix server at home and I got really tired of the self-signed certificates for HTTPS tripping me up, so I went on a journey to resolve it “on the cheap”.
- I got a domain from GoDaddy for about $15/year
- got my public IP from my home router (it’s dynamic, but only changes like once every 2 years) and pointed my GoDaddy domain at my public IP on my router.
- I played around with my home router and found the “host in DMZ” setting. I used this to put my BigFix server into my DMZ temporarily.
So now I could get to my BigFix server REST API, Web Reports and WebUI from external to my house.
I run them all on a single test server (again - on the cheap), but with the typical self-signed certificate issues in the browsers, so the journey continued.
- I tried a few free SSL cert services and found I liked Let’s Encrypt the best.
- I banged on certbot until I got a working set of certs from it and figured out where to put them and the BigFix settings to use them.
Now I had my browser issues resolved and that nice little green padlock indicating a safe SSL connection! Just a little bit to tidy up.
- I moved my BigFix server out of the DMZ and used Port Forwarding for 52311, 80, 443, 2443 (my WebUI port) to allow those ports to pass my router and hit my BigFix server.
All working…
So I whipped up a little Fixlet that will do the Certbot stuff easily and set all the BigFix settings in one step.
https://bigfix.me/fixlet/details/26963
Working and secure SSL for my test BigFix server for $15/year in domain costs!
I would not use this for production work, but for your home test servers, it works a treat.
Once every 90 days or so you have to put your server back into the DMZ and run the certbot renew to refresh the certs. Since the Fixlet has all of the settings pointed at the Live folders, it updates them in place, making it super easy.
Hope this makes at least one person’s life a little easier.
Happy BigFixing
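
The following is an added example, not part of the original post or the linked Fixlet: a check to run against the certbot live folder so the server only goes back into the DMZ when renewal is actually due, and so the in-place update can be confirmed to have left a matching key and certificate. It assumes a POSIX shell with `openssl` on the host and certbot's standard `fullchain.pem` and `privkey.pem` file names; the folder path is passed as an argument and the function names are hypothetical.

```bash
#!/bin/sh
# Added example: sanity checks for a certbot "live" folder.
# Usage: sh check_live.sh <live-folder> [days]

# Exit 0 if the certificate expires within $2 days (default 30),
# 1 if it stays valid beyond that window, 2 if the file is unreadable.
renewal_due() {
    local cert="$1" days="${2:-30}"
    [ -r "$cert" ] || return 2
    # -checkend N exits 0 when the cert is still valid N seconds from now
    if openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Exit 0 if the private key in $2 belongs to the leaf certificate in $1.
# Both commands emit the public key as SubjectPublicKeyInfo PEM.
key_matches_cert() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Combined report: 0 = nothing to do, 1 = renew, 3 = key/cert mismatch.
check_live_dir() {
    local dir="$1" days="${2:-30}"
    if ! key_matches_cert "$dir/fullchain.pem" "$dir/privkey.pem"; then
        echo "MISMATCH: privkey.pem does not belong to fullchain.pem"
        return 3
    fi
    if renewal_due "$dir/fullchain.pem" "$days"; then
        echo "RENEW: certificate expires within $days days"
        return 1
    fi
    echo "OK: key matches, certificate valid for more than $days days"
}

# Run the combined check only when a folder is given on the command line.
if [ "$#" -ge 1 ]; then
    check_live_dir "$@"
fi
```

A result of `RENEW` is the signal to open the renewal window; running the check again after the renew confirms the files the BigFix settings point at were replaced as a matching pair.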