What is it

Virtual machines in msg.Cloud may be accessed from the Internet (by default they are not exposed). This is only possible through HTTPS (SSL/TLS secured connections to port 443). However, the HTTPS connection  does not terminate on your Project Server but instead at SI (Security Infrastructure) which is located on the border between Internet and msg.Cloud. This allows content inspection of the data flowing in in order to prevent malicious data to enter the msg.Cloud. Traffic is then forwarded to Project Server through HTTP.

Prerequisites

Contact ZI Cloud Support and ask for making your server accessible from Internet. Mention the hostname and IP address of your server. The host name must be resolvable through DNS. ZI will then

• provide a public IP address (under which your Project Server is visible on the Internet; the internal IP address is not affected)
• allow the hostname to be publically resolved through DNS
• take care if a SSL certificate for your hostname. (Note that very few stacks cannot deal with their name in the path component of the URL and therefore must be accessed through a prefix of your Project Server's hostname. Should you need such a stack you can add this hostname to the certificate as alternate name through ZI Cloud Support.

How to achieve it

1. On your Project Server VM issue the command docker-stack configure tls fake. This lets your Project Server know that it is accessed through HTTP but has to prefix issued links with "https:".
2. Reinstall all stacks (including the proxy stack) by issueing the command docker-stack reinstall <stack> on every stack (you may list installed tsacks using docker-stack ls). The version of your stack will not change. This way the reverse proxy configuration gets recreated, reflecting the change of the protocol part of the URL.

Good to know

After this change you are no longer able to talk to your Project Server's Web UIs through a direct connection into the SCA (i.e. using the internal IP address). You have to use the public address instead. This is because your Project Server only talks HTTP but will issue HTTPS link. So while a request in HTTP to the internal IP address would work you will receive back HTTPS links which let your browser use the public address and HTTPS henceforth.