/
Apache: Running CCC on a different HTTP Port than Admin

Apache: Running CCC on a different HTTP Port than Admin

Owned by Torsten Schmidt
Last updated: Oct 23, 2018 by Robin Sachse

How it is contributed during install

Admin

https://github.com/schmto/nmsprime/blob/dev/Install/files/nmsprime-admin.conf

Enviroment File: https://github.com/schmto/nmsprime/blob/dev/Install/files/global.env

 

CCC

https://github.com/schmto/nmsprime/blob/dev/modules/Ccc/Install/files/nmsprime-ccc.conf

Enviroment Files are provided by: https://github.com/schmto/nmsprime/blob/dev/modules/Ccc/Install/files/ccc.env

General

Strategy: simply run two separate virtual hosts on two different ports, like

ServiceHTTP PortNote
admin8080changing default https port for admin fronted will be a security advantage
CCC443

default https port – (for easy access of ccc for all customers)

Configuration

1. Change /etc/httpd/conf.d/nmsprime.conf to admin access:

/etc/httpd/conf.d/lara.conf
Listen 8080

<VirtualHost *:8080>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

    Alias /nmsprime /var/www/nmsprime/public

    <Directory /var/www/nmsprime/public>
      AllowOverride All
    </Directory>

    DocumentRoot /var/www/nmsprime/public
</VirtualHost>

2. add a second virtual host file for CCC: /etc/httpd/conf.d/nmsprime-ccc.conf

/etc/httpd/conf.d/lara-ccc.conf
 <VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>

Alias /nmsprime /var/www/nmsprime/public-ccc

<Directory /var/www/nmsprime/public-ccc>
AllowOverride All
</Directory>

3. Adapt .env file to auto load the correct default start page based on port config

# HTTPS Port settings
HTTPS_ADMIN_PORT=8080
HTTPS_CCC_PORT=443

4. Add Port to Firewalld

firewalld adaptions
# Note: change name of zone if necessary
firewall-cmd --add-port=8080/tcp --zone=public
firewall-cmd --runtime-to-permanent

 

How it works inside Laravel

  • we use two different entry points for CCC and admin, based on two different public directories and two different index.php files
  • Inside the two different index.php files, we can do security checks for correct access

See: https://devel.roetzer-engineering.com:3128/stash/projects/PRO/repos/laravel/compare/commits?sourceBranch=refs%2Fheads%2Ffeature%2Fsplit-admin-from-ccc&targetBranch=refs%2Fheads%2Fmaster