Devolutions Gateway can operate behind Ngrok to add an additional layer of protection to an internal Devolutions Gateway installation or to allow an outbound tunnel when changing a firewall configuration is unavailable. Using Devolutions Gateway behind Ngrok is available for both Devolutions Server and Devolutions Hub Business. The Ngrok tunnel can be added to an already existing gateway by changing some settings in the gateway.json file.
A paid subscription to Ngrok is required as the gateway needs to serve TCP traffic. The subscription also includes the use of custom domain names.
-
Log into the Ngrok dashboard.
-
Go to the Domains section which is under Cloud Edge.
-
Click New Domain.
-
Input the domain details and click Continue.
-
Under Cloud Edge, select the TCP Addresses section and then click the New TCP Address button.
-
Modify the information if needed and click Continue.
It is advised to take note of the Domain, TCP Address, assigned TCP port as well as the Ngrok Authtoken.
-
Go to Getting Started — Your Authtoken and click the Copy button.
-
Log into the Devolutions Server or Devolutions Hub Business instance as a user with access to the Devolutions Gateway configuration.
-
Go to Administration — Devolutions Gateway.
-
Click the More button and select Download public key.
This file needs to be accessible to the server hosting Devolutions Gateway behind Ngrok.
When using Ngrok with Devolutions Hub Business, the Devolutions Gateway Standalone web interface will be unavailable, therefore keep the Enable the Gateway web interface option unchecked. Devolutions Gateway Standalone requires a private provisioner key, which is not available with Devolutions Hub.
-
Open a connection to the server hosting Devolutions Gateway and download the installer.
-
Run the installer.
-
Click Next.
-
Once the desired installation path is selected, click the Next button.
-
Check the Enable access over the internet using Ngrok option and click Next.
-
Enter the Ngrok settings and click Next.
-
Specify the path to the previously retrieved public key from Devolutions Server or Devolutions Hub Business and click Next.
This key file must be accessible to the NetworkService account, which Devolutions Gateway runs as.
-
Click Next and then click Install.
-
Log into a Devolutions Server instance as a user with access to the Devolutions Gateway configuration.
-
Go to Administration — Devolutions Gateway.
-
Click the Add (+) button and choose Gateway.
-
Enter the previously retrieved details from Ngrok used to configure Devolutions Gateway.
It may be needed to preface the Ngrok domain with
https://
. Auto-Detect will not work but Test connection will indicate if the Ngrok Domain is accessible. -
Click Save.
-
Click the ellipsis (More) button next to the newly configured gateway and select Publish revocation list.
-
If the Publish Gateway configuration option is available, it should be done before Publish revocation list.
-
-
Log into a Devolutions Hub Business instance as a user with access to the Devolutions Gateway configuration.
-
Go to Administration — Devolutions Gateway.
-
Click the Add (+) button.
-
Enter the previously retrieved details from Ngrok used to configure Devolutions Gateway.
It may be needed to preface the Ngrok domain with
https://
. Auto-Detect will not work but Test connection will indicate if the Ngrok Domain is accessible. -
Go through any combination of Vaults, Groups or Users tabs to decide how the licenses will be distributed.
-
Click Add.
-
Click the ellipsis (More) button next to the newly configured gateway and select Publish Gateway configuration.