We often get asked how best to access ServiceDesk Plus ‘publicly’ from the Internet without the use of dedicated connections or VPN services.  
 
There are no specific features in ServiceDesk Plus to do this other than in the ‘Self-Service Portal Settings’ where you would configure a URL Alias of a Fully Qualified Domain Name (FQDN) that would be published internally and externally on the Internet:
 
PublicAccess1
 
This URL Alias is used in all the notification messages sent by ServiceDesk Plus.
 
Now we could simply publish the internal ServiceDesk Plus server directly through the organisation’s firewall out onto the Internet. However, this obviously presents some major security issues should the ServiceDesk Plus server be in any way compromised.
 
A relatively simple solution to this might be to make use of a Reverse Proxy such as NGINX. Here you can configure a separate server as a Reverse Proxy to relay all incoming requests from the external Internet to the ServiceDesk Plus server. The Reverse Proxy server itself can be located on a DMZ network of the organisation’s firewall and appropriate rules used to control and analyse the traffic for potential threats.
 
Using NGINX is relatively simple and is available as Open Source software. Details for a Windows version are detailed below:
 
 
In order to run NGINX successfully you’ll need to edit the ‘nginx.conf’ file in the unpacked ‘nginx-1.9.15conf folder’ and specific the correct details for the elements shown in bold:
    server {
        listen       8888;
        #tells Nginx the hostname and the TCP port where it should listen for HTTP connections.
        # set this to the same port as your internal SD+ server port;
        server_name  172.16.99.131;
        # lets you doname-based virtual hosting
        # set this to the IP address or hostname of your reverse proxy server
        #charset koi8-r;
        #access_log  logs/host.access.log  main;
        location / {
        # The location setting lets you configure how nginx responds to requests for resources
        # within the server.
            root   html;
            index  index.html index.htm;
proxy_pass http://10.0.0.10:8888;
        # Set the proxy_pass details to the internal IP address or hostname of your internal
        # SD+ server
        }
In this case it is now possible to access my internal ServiceDesk Plus server running on 10.0.0.10:8888 via the NGINX reverse proxy server running on 172.16.99.131:8888. 
 
Other options exist for enabling HTTPS listening ports with appropriate certificates which are far too detailed to go into here but hopefully we’ve managed to highlight a potential solution for allowing public access to your installation of ServiceDesk Plus.
 
Enjoy!
This article is relevant to:
Service Desk

You may be interested in these other recent articles

Get to building your business apps with the new AppCreator

9 June 2022

ManageEngine’s new low-code application development tool Creating an application, building one and deploying it can be expensive and time consuming as you have to make…

Read more

Endpoint Central’s Endpoint Security

31 May 2022

Endpoint Central (formerly Desktop Central) not only got a name change but has also introduced Endpoint Security to help organisations keep their endpoints secured. According…

Read more

Automation in ManageEngine ServiceDesk Plus

20 December 2021

Increasingly customers are looking to automate repetitive and mundane tasks in ServiceDesk Plus. Since the introduction of Deluge, Zoho’s online scripting language, as part of…

Read more

Update on the recent Apache Log4j2 vulnerability – Impact on ManageEngine on-premise and Zoho cloud products

14 December 2021

A high severity vulnerability (CVE-2021-44228) impacting multiple versions of the Apache Log4j2 utility was disclosed publicly on December 9, 2021. The vulnerability impacts Apache Log4j2…

Read more

Who do I contact for technical support for my ManageEngine product?

10 September 2021

When purchasing a ManageEngine product it will either have been supplied on a subscription basis or it would have included an initial Annual Maintenance and…

Read more