Publish a Hosted Website to Users

How to create a Hosted Web Service for access to a web app located in your private network, so your end users can access the web service via their browser

  • Updated on Aug 23, 2022

Scenario

In this scenario, an internal web application needs to be published to your end users. As depicted in the diagram below, this guide uses the Jenkins CI/CD application as an example. Jenkins is installed on a host named jenkins with the IP address 10.10.12.11, and the web application listens on port 80.

The assumption is that your end users have been added to your Banyan directory and that they have the latest Banyan desktop app or mobile app installed on their devices (from which they will access the Jenkins application).

Setup

The setup depends on your deployment model.

If you use an Access Tier:

  1. A Banyan Access Tier is installed in the same network segment as the web application to be published using Banyan. This guide uses an Access Tier named product-team.

  2. A wildcard DNS record is set up pointing to the Access Tier, so that the Access Tier can serve multiple internal services. This guide assumes the DNS record *.corp.example.com resolves to the IP address of the product-team Access Tier.

  3. The web application that needs to be published is installed on a host named jenkins and is listening on port 80.

If you use a Connector:

  1. A Banyan Connector is installed in the same network segment as the web application to be published using Banyan. This guide uses a Connector named datacenter1.

  2. A wildcard DNS record is set up as a Banyan Registered Domain. This guide assumes the DNS record *.corp.example.com has been added as a Registered Domain in your Command Center.

Steps

Securely expose your web application by completing the following three steps:

Step 1: Create a Policy for web access

1.1 Navigate from Secure Access > Policies > Create New Policy, and select the Web Policy template.

1.2 Name the Policy.

Step 2: Register the web application as a Hosted Website

2.1 Navigate from Manage Services > Hosted Services, and then select + Register Service.

2.2 Select the Standard Website template.

2.3 Under Service Name, name your service (such as jenkins-ci) and set the service attributes based on your deployment model:

  • If you use an Access Tier, select the product-team Access Tier.

  • If you use a Connector, select the datacenter1 Connector.

  • In either case, enter the Service Domain Name for this service, jenkins.corp.example.com, and leave the port as 443 for HTTPS; this is the URL that users enter in their web browser to access the service.

2.4 Specify how backend connectivity should be set up.

  • Enter the Backend Domain and Port. In this guide, use jenkins and port 80; you may use the backend IP address instead of the backend domain here.

  • Since the Jenkins application doesn’t use TLS, you can leave the other checkboxes unset.

2.5 Attach your Policy (that you created in Step 1), and set the enforcement mode to Enforcing.

2.6 Optional: If your Hosted Website is published on a domain that resolves over Service Tunnel, and you wish to disable Private DNS so that it resolves instead through the Access Tier, enable the Disable Private DNS toggle (this will turn off the default setting for this specific domain name).

Note: The Disable Private DNS toggle allows admins to resolve a specific domain name via the Access Tier. Admins can then manually set up DNS entries to ensure that such domain names resolve properly. This functionality may be useful in cases where an admin is using a wildcard domain name in their service spec, and they want only some domain names within this subset to resolve over Service Tunnel while others resolve to private addresses over the Access Tier.

2.7 Select Register Service.

Step 3: From your device, securely access the Hosted Website from a web browser

3.1 From your registered device, use a browser to navigate to the website you just created: https://jenkins.corp.example.com

3.2 You will be prompted to confirm your Device Certificate and then to log in via your Identity Provider. Once device and user trust have been established, the user will be allowed to access the Jenkins application.

Test the Connection

In the event that you cannot access the published service, leverage the test connection functionality to diagnose any connection issues.

In the Command Center, navigate from Manage Services > Hosted Websites, then select a Service Name. In your service, select Test Connection (the check icon in the upper right corner of the page). This will show you the status of your connection, detailing whether your domain name or hostname is resolvable and whether the Access Tier and backend port are reachable.
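The same questions (does the name resolve, is the frontend reachable, is the backend port reachable) can also be asked from a host in the same network segment as the Access Tier or Connector. The script below is an added example, not Banyan's Test Connection implementation; its function names are hypothetical, and it assumes the wildcard covers exactly one label, the rule browsers apply to wildcard TLS certificates.

```python
import socket

def covered_by_wildcard(name, wildcard):
    """True if `name` sits exactly one label below the wildcard's parent domain."""
    name = name.lower().rstrip(".")
    if not wildcard.startswith("*."):
        return name == wildcard.lower().rstrip(".")
    parent = wildcard[2:].lower().rstrip(".")
    head, _, tail = name.partition(".")
    return bool(head) and tail == parent

def _resolve(host):
    """Resolve with the system resolver; an empty list means 'not resolvable'."""
    try:
        return sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []

def _connect(host, port, timeout=3.0):
    """Attempt a plain TCP connection; no application data is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check_service(service_domain, wildcard, backend_host, backend_port,
                  frontend_port=443, resolve=_resolve, connect=_connect):
    """Return an ordered list of (check name, passed) tuples."""
    return [
        ("service domain covered by " + wildcard,
         covered_by_wildcard(service_domain, wildcard)),
        ("service domain resolves", bool(resolve(service_domain))),
        ("frontend port reachable", connect(service_domain, frontend_port)),
        ("backend host resolves", bool(resolve(backend_host))),
        ("backend port reachable", connect(backend_host, backend_port)),
    ]

if __name__ == "__main__":
    # Values taken from this guide: service domain, wildcard, backend host and port.
    for name, ok in check_service("jenkins.corp.example.com",
                                  "*.corp.example.com", "jenkins", 80):
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

A failed backend check with a passing frontend check points at Step 2.4 (backend domain or port), while a failed resolution check points at the wildcard DNS record from the Setup section.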
