Versions Compared

Version Old Version 9 New Version Current
Changes made by

Torsten Schmidt

Robin Sachse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


How it is contributed during install

Admin

https://github.com/schmto/nmsprime/blob/dev/Install/files/nmsprime-admin.conf

...

Enviroment Files are provided by: https://github.com/schmto/nmsprime/blob/dev/modules/Ccc/Install/files/ccc.env

General

Strategy: simply run two separate virtual hosts on two different ports, like

ServiceHTTP PortNote
admin8080changing default https port for admin fronted will be a security advantage
CCC443

default https port – (for easy access of ccc for all customers)

Configuration

1. Change /etc/httpd/conf.d/nmsprime.conf to admin access:

Code Block
title/etc/httpd/conf.d/lara.conf
Listen 8080

<VirtualHost *:8080>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

    Alias /nmsprime /var/www/nmsprime/public

    <Directory /var/www/nmsprime/public>
      AllowOverride All
    </Directory>

    DocumentRoot /var/www/nmsprime/public
</VirtualHost>

2. add a second virtual host file for CCC: /etc/httpd/conf.d/nmsprime-ccc.conf

Code Block
title/etc/httpd/conf.d/lara-ccc.conf
 <VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>

Alias /nmsprime /var/www/nmsprime/public-ccc

<Directory /var/www/nmsprime/public-ccc>
AllowOverride All
</Directory>

3. Adapt .env file to auto load the correct default start page based on port config

Code Block
# HTTPS Port settings
HTTPS_ADMIN_PORT=8080
HTTPS_CCC_PORT=443

4. Add Port to Firewalld

Code Block
languagebash
titlefirewalld adaptions
# Note: change name of zone if necessary
firewall-cmd --add-port=8080/tcp --zone=public
firewall-cmd --runtime-to-permanent

 

How it works inside Laravel

  • we use two different entry points for CCC and admin, based on two different public directories and two different index.php files
  • Inside the two different index.php files, we can do security checks for correct access

...