Publish a Hosted Website to Users
How to create a Hosted Web service for access to a web app located in your private network, so your end users can access the web service via their browser
- Updated on May 11, 2022
Overview
Here, you have an internal web application that needs to be published to end users. As depicted in the diagram below, this guide uses the Jenkins CI/CD application, which is installed on a host named jenkins with the IP address 10.10.12.11 and the web application listening on port 80.
This assumes your end users have been added to your Banyan directory and that they have the latest Banyan desktop app or mobile app installed on their devices (from which they will access the Jenkins application).
Set-up
The set-up is as follows:
-
A Banyan Access Tier is installed in the same network segment as the web application to be published using Banyan. This guide uses an Access Tier named
product-team. -
A wildcard DNS record is set up pointing to the Access Tier, so that the Access Tier can serve multiple internal services. This guide assumes the DNS record
*.corp.example.comresolves to the IP address of theproduct-teamAccess Tier. -
The web application that needs to published is installed on a host named
jenkinsand is listening on port80.
-
A Banyan Connector is installed in the same network segment as the web application to be published using Banyan. This guide uses an Access Tier named
datacenter1. -
A wildcard DNS record is set up as a Banyan Registered Domain. This guide assumes the DNS record
*.corp.example.comhas been added as a Registered Domain in your Command Center.
Steps
We will securely expose the Jenkins application in three steps.
Step 1: Create a Policy for Web Access
1.1 Navigate from Secure Access > Policies > Create New Policy, and select the Web Policy template.
1.2 Name the policy quickstart-user-web.
Also, set the policy attributes for minimal controls:
- Allow access from user principals with
ANYrole - Do not set a
Trust Levelrequirement
Step 2: Register the Web Application as a Hosted Website
2.1 Navigate from Manage Services > Hosted Services, and then select + Register Service.
2.2 Select the Standard Website template.
2.2 Under Service Name, name your service (such as, jenkins-ci) and set the service attributes based on your deployment model:
-
Select the
product-teamAccess Tier -
Enter the Service Domain Name for this service
jenkins.corp.example.com, and leave the port as443for HTTPS; this is the URL that users enter in their web browser to access the service.
-
Select the
datacenter1Connector -
Enter the Service Domain Name for this service
jenkins.corp.example.com, and leave the port as443for HTTPS; this is the URL that users enter in their web browser to access the service.
2.4 Specify how backend connectivity should be set up.
-
Enter the Backend Domain and Port. In this guide, use
jenkinsand port80; you may use the backend IP address instead of the backend domain here. -
Since the Jenkins application doesn’t use TLS, you can leave the other checkboxes unset.
2.5 Attach the quickstart-user-web policy you previously created, and set the enforcement mode to Enforcing.
2.6 Select Register Service.
Step 3: From your device, securely access the Hosted Website from a web browser
3.1 From your registered device, use a browser to navigate to the website you just created: https://jenkins.corp.example.com
3.2 You will be prompted to confirm your Device Certificate and then to log in via your Identity Provider. Once device and user trust have been established, the user will be allowed to access the Jenkins application.
Test the Connection
In the event that you cannot access the published service, leverage the test connection functionality to diagnose any connection issues.
In the Command Center, navigate from Manage Services > Hosted Websites, then select a Service Name. In your service, select Test Connection (the check icon in the upper right corner of the page). This will show you the status of your connection, detailing whether your domain name or hostname are resolvable and whether the Access Tier and backend port are reachable.
