Dr.Web Proxy Server can be connected to Dr.Web Server to remotely configure settings and to support traffic encryption.
Connection settings
Connecting Dr.Web Proxy Server to Dr.Web Server
•Dr.Web Server certificate drwcsd-certificate.pem.
The Proxy Server must have all certificates of all Dr.Web Servers to which it connects and to which the client traffic is forwarded.
▫The Dr.Web Server certificate is required to connect to Dr.Web Server for remote configuration and to support encryption of traffic between Dr.Web Server and Dr.Web Proxy Server.
▫The Proxy Server certificate is signed by the Dr.Web Server certificate and private key (the procedure is performed automatically on Dr.Web Server after the connection is established, and no administrator intervention is required) and is required to connect Dr.Web Agents and to support encryption of traffic between Dr.Web Agents and Dr.Web Proxy Server.
All the Dr.Web Server certificates are stored on Dr.Web Proxy Server in the drwcsd-proxy-trusted.list configuration file in the following format (certificates records are separated by one or more empty lines):
[<certificate_1>]
[<certificate_2>]
[<certificate_3>] ... |
•Dr.Web Server address.
Dr.Web Proxy Server connects to all Dr.Web Servers that are specified in its configuration file for forwarding the client traffic. However, it is allowed to accept settings only from a specific set of connected Dr.Web Servers that are marked as managing. If more that one Dr.Web Server is marked as managing, then Dr.Web Proxy Server connects to all the Dr.Web Servers in rotation until it gets the first valid (not empty) configuration.
•Identifier and password to access Dr.Web Server.
Credentials are available after creating Dr.Web Proxy Server account using the Control Center (see Creating Dr.Web Proxy Server Account).
|
Dr.Web Proxy Server identifier and password are used in a single copy. You must create Dr.Web Proxy Server accounts with the same credentials on all Dr.Web Servers to which Dr.Web Proxy Server connects. |
Credentials are stored on Dr.Web Proxy Server in the drwcsd-proxy.auth configuration file in the following format:
[<Proxy_server_ID>] [<Proxy_server_password>] |
Connecting Dr.Web Proxy Server to Dr.Web Server
|
In order to connect to Dr.Web Proxy Server, you must enable the corresponding protocol on Dr.Web Server. To do this, set the Dr.Web Proxy Server protocol flag in the Control Center in the Administration → Dr.Web Server configuration → Modules section, save the settings and restart Dr.Web Server. |
Automatic connection to Dr.Web Server when installing in Windows OS
•If Dr.Web Proxy Server is installed as part of the Dr.Web Agent installation or if it is installed on the station where the Dr.Web Agent is installed, then the connection to Dr.Web Server is established automatically.
•If Dr.Web Proxy Server is installed via the graphical installer in Windows OS, then the connection to Dr.Web Server is established automatically using the credentials specified by the administrator in the installer settings.
After installing Dr.Web Proxy Server, the files for the connection to Dr.Web Server are located by default in the following folder: C:\ProgramData\Doctor Web\drwcs\etc.
Manual connection for installation in Unix-like OS
1.Install Dr.Web Proxy Server for Unix-like OS according to the procedure described in the Installing Dr.Web Proxy Server Using Installer section.
2.Create Dr.Web Proxy Server account using the Control Center as described in the Creating Dr.Web Proxy Server Account section.
3.Copy the Dr.Web Server certificate to the computer where Dr.Web Proxy Server is installed.
4.In the drwcsd-proxy-trusted.list configuration file, specify the certificate copied to the computer in step 3: copy and paste the contents of the certificate file into the configuration file according to the format above.
5.In the drwcsd-proxy.auth configuration file, specify the Dr.Web Server connection settings for the account created in step 2 according to the format above.
The drwcsd-proxy-trusted.list and drwcsd-proxy.auth files must be located in the following directories:
•for Linux OS: /var/opt/drwcs/etc
•for FreeBSD OS: /var/drwcs/etc
Set the following permissions for the files
drwcsd-proxy-trusted.list 0644 drwcs:drwcs drwcsd-proxy.auth 0600 drwcs:drwcs |
Quick connection using the command line
This option is especially relevant for Unix-like OS, as it eliminates the need to edit configuration files manually. A single command can be used to connect to another server, reset settings, or in case if you have problems with the existing connection to the server.
Use the following commands:
•Windows OS:
drwcsd-proxy deploy <server-address> <server-certificate> <proxy-login> <proxy-password> |
•Linux OS:
/etc/init.d/dwcp_proxy deploy <server-address> <server-certificate> <proxy-login> <proxy-password> |
•FreeBSD OS:
/usr/local/etc/rc.d/dwcp_proxy deploy <server-address> <server-certificate> <proxy-login> <proxy-password> |
On successful connection:
•The username and the password are written to the Dr.Web Proxy Server drwcsd-proxy.auth configuration file.
•The Dr.Web Server certificate is written to the drwcsd-proxy-trusted.list configuration file.
•A new private key drwcsd-proxy.pri is generated.
•The new certificate is generated, signed on the server and added to the list of signed certificates (drwcsd-proxy-signed.list).
•The configuration file is downloaded from the server and added to the drwcsd-proxy.conf configuration file.