Settings

The User Authentication Settings for the external portal allow you to activate or deactivate user authentication for external users.

The external portal uses the reverse proxy system to provide web access, and the settings are analogous to the settings for a reverse-proxy front end, with the following differences:

SSL is always activated
No "Outlook Anywhere", proxy paths or blocked paths
A separate reverse-proxy back end is created for the external portal in the back end, but it is not included in the list of back ends.
Also, the settings for the external portal do not appear in the list of front ends, but they are treated like a front end when validating settings.

Navigate to User Authentication > External Portal > Settings to open an editing window where you can create the general settings for the user authentication.

In the External Portal editing window you can modify the following parameters:

Input field	Description
I/0	A slider button indicates whether the external portal is enabled (I) or disabled (0). You can change the status of the user authentication by clicking the slider button. User authentication is disabled by default.
Domain or IP address	Enter the name of the domain or the IP address assigned to the external portal.
Reverse Proxy Auth Cookie Domain	Cookies are used for reverse proxy authentication (see Reverse Proxy). To ensure that these cookies are sent from the browser to the server under the correct conditions, it may be necessary to set the domain attribute of the cookie accordingly. If this field is empty, the cookie domain is not explicitly set and corresponds to the domain or IP specification of the external portal. If the value has not been adjusted by the user, a sensible default value is used: No cookie domain when specifying an IP address The specified domain, if it is a second level domain (i.e. it is directly below a TLD, such as example.com) The next higher domain, if it is a subdomain. So for portal.example.com then e.g. example.com. The cookie domain is important so that successful authentication on the external portal hosted at portal.example.com, for example, is also effective for other services on other subdomains, such as webmail.example.com or intranet.example.com. For special cases, the cookie domain can be manually set to a custom value. Important: Important safety information: Setting a cookie domain causes the browser to send this cookie to the target server for requests to the specified domain. The cookie for reverse proxy authentication is sensitive information that enables the owner to access resources shared via reverse proxy. Only cookie domains that are fully trustworthy should be specified.
Connection	Select a connection. You can select a network connection, a PPP connection or a Wireguard connection.
Port	Configure the externally accessible listen port for the external portal.
Use Let's Encrypt	Use a Let's Encrypt certificate. See Let's Encrypt. Note: One limitation of using Let's Encrypt is that no IP addresses can be used in the Domain or IP address field, only domain names.
SSL certificate	Select a certificate with a private key.