Publish a Hosted Website to Users

This article shows you how to create a Hosted Website service that enables access to an internal web application located in your private network, so your end users can conveniently yet securely access it via their browser.

Scenario

For this quick start guide, we have an internal web application that needs to be published to end users. As depicted in the diagram below, this guide uses the Jenkins CI/CD application, which is installed on a host named jenkins with IP address 10.10.12.11, with the web application listening on port 80.

We assume your end users have been added to your Banyan directory, and that they have the latest Banyan Desktop or Mobile App installed on devices from which they will access the Jenkins application.

Setup

The setup for this quick start guide depends on your deployment model.

If you use an Access Tier:

  1. A Banyan Access Tier is installed in the same network segment as the web application to be published using Banyan. This guide uses an Access Tier named product-team.

  2. A wildcard DNS record is set up pointing to the Access Tier, so that the Access Tier can serve multiple internal services. This guide assumes the DNS record *.corp.example.com resolves to the IP address of the product-team Access Tier.

  3. The web application that needs to be published is installed on a host named jenkins and is listening on port 80.

If you use a Connector:

  1. A Banyan Connector is installed in the same network segment as the web application to be published using Banyan. This guide uses a Connector named datacenter1.

  2. A wildcard DNS record is set up as a Banyan Registered Domain. This guide assumes the DNS record *.corp.example.com has been added as a Registered Domain in your Command Center.

Steps

We will securely expose the Jenkins application in 3 steps.

Step 1. Create a Policy for Web Access

1.1 Navigate to Secure Access > Policies > Create New Policy and create a new Policy using the template Web Policy.

1.2 Name the policy quickstart-user-web.

Also set the policy attributes for minimal controls:

  • Allow access from user principals with ANY role
  • Do not set a Trust Level requirement

Step 2. Register the Web Application as a Hosted Website

2.1 Navigate to Manage Services > Hosted Services and then click + Register Service.

2.2 Select the template Standard Website.

2.3 Enter a Service Name (such as jenkins-ci) and set the service attributes based on your deployment model.

If you use an Access Tier:

  • Select the product-team Access Tier

  • Enter the Service Domain Name for this service, jenkins.corp.example.com, and leave the port as 443 for HTTPS; this is the URL that users enter in their web browser to access the service

If you use a Connector:

  • Select the datacenter1 Connector

  • Enter the Service Domain Name for this service, jenkins.corp.example.com, and leave the port as 443 for HTTPS; this is the URL that users enter in their web browser to access the service

2.4 Specify how backend connectivity should be set up:

  • Enter the Backend Domain and Port. In this guide, we use jenkins and port 80; you may use the backend IP address instead of the backend domain here.

  • Since our Jenkins application doesn’t use TLS, we can leave the other checkboxes unset.

2.5 Attach the quickstart-user-web policy created in Step 1 and set the enforcement mode to Enforcing.

2.6 Click Register Service.

Step 3. From your Device, securely access the Hosted Website from a Web Browser

3.1 From your registered device, use a browser to navigate to the website you just created: https://jenkins.corp.example.com

3.2 You will be prompted to confirm your Device Certificate and then to log in via your Identity Provider. Once device and user trust have been established, the user is allowed to access the Jenkins application.

Success!

And that’s it! You have created a Zero Trust policy for the Jenkins web application and accessed it conveniently from a web browser.



Last modified: Aug 19, 2021