Problem:
From on-premises computers I need to be able to log in to Azure Analysis Service.
Since AAS is publicly available, the split-tunnel VPN configured on my on-prem computer forwards the request to AAS through the internet. At the AAS firewall we only allow connections from internal IPs, and if the request is forwarded through the internet, the public IP address of our on-prem computers is offered and blocked at the firewall.
Solution idea:
We put a proxy forwarder inside our VNET. This Nginx proxy forwarder forwards all TCP traffic to AAS. This forwarding works, but I keep hitting this error message:
Here is my nginx.conf:
    user www-data;
    worker_processes auto;
    pid /run/nginx.pid;
    include /etc/nginx/modules-enabled/*.conf;

    events {
        worker_connections 768;
        # multi_accept on;
    }

    stream {
        server {
            listen 3389;
            proxy_pass 10.194.32.229:3389;
        }
        server {
            listen 2382 ssl;
            ssl_certificate wilcard-dev-2023.crt;
            ssl_certificate_key wilcard-dev-2023.key;
            ssl_password_file ssl-passwort;
            proxy_ssl on;
            proxy_pass aspaaseastus2.asazure.windows.net:2382;
        }
        server {
            listen 2383 ssl;
            ssl_certificate wilcard-dev-2023.crt;
            ssl_certificate_key wilcard-dev-2023.key;
            ssl_password_file ssl-passwort;
            proxy_ssl on;
            proxy_pass aspaaseastus2.asazure.windows.net:2383;
        }
        server {
            listen 4430 ssl;
            proxy_ssl on;
            ssl_certificate wilcard-dev-2023.crt;
            ssl_certificate_key wilcard-dev-2023.key;
            ssl_password_file ssl-passwort;
            proxy_pass aspaaseastus2.asazure.windows.net:443;
        }
        server {
            listen 80;
            proxy_pass aspaaseastus2.asazure.windows.net:80;
        }
    }

    http {
        ...
    }
In the config file above, you can see that I have (successfully) added a pass-through proxy for RDP connections to a computer in the VNET.
Here is the solution idea in a diagram:
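As a reading aid for the stream configuration in the post (an added example, not part of the original post): a small Python audit that reports, per listener, whether nginx terminates TLS with its own certificate and whether the re-encrypted upstream connection verifies the server certificate or sends SNI. The helper names `parse_servers` and `audit` are hypothetical, and the findings rely only on the documented nginx stream defaults `proxy_ssl_verify off` and `proxy_ssl_server_name off`.

```python
import re

# Three of the stream servers from the post's nginx.conf (same directives).
STREAM_CONF = """
stream {
    server { listen 3389; proxy_pass 10.194.32.229:3389; }
    server {
        listen 2383 ssl;
        ssl_certificate wilcard-dev-2023.crt;
        ssl_certificate_key wilcard-dev-2023.key;
        ssl_password_file ssl-passwort;
        proxy_ssl on;
        proxy_pass aspaaseastus2.asazure.windows.net:2383;
    }
    server { listen 80; proxy_pass aspaaseastus2.asazure.windows.net:80; }
}
"""

def parse_servers(conf):
    """Return one {directive: [args]} dict per flat server block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments
    servers = []
    for body in re.findall(r"\bserver\s*\{([^{}]*)\}", conf):
        words = (stmt.split() for stmt in body.split(";"))
        servers.append({w[0]: w[1:] for w in words if w})
    return servers

def audit(conf):
    """Map each listen port to findings about how that listener handles TLS."""
    report = {}
    for d in parse_servers(conf):
        listen = d.get("listen", ["?"])
        tls_in = "ssl" in listen
        tls_out = d.get("proxy_ssl") == ["on"]
        findings = []
        if tls_in:
            findings.append("terminates TLS: client sees the proxy's certificate")
        elif not tls_out:
            findings.append("raw TCP pass-through: no TLS handled by nginx")
        if tls_out and d.get("proxy_ssl_verify") != ["on"]:
            findings.append("upstream certificate not verified (proxy_ssl_verify off)")
        if tls_out and d.get("proxy_ssl_server_name") != ["on"]:
            findings.append("no SNI sent upstream (proxy_ssl_server_name off)")
        report[listen[0]] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit(STREAM_CONF).items():
        print(port, "->", "; ".join(findings))
```

The RDP listener on 3389 relays bytes untouched, while the `ssl` listeners present the wildcard certificate to the client and open a second, separate TLS session to AAS.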