Apache: Running CCC on a different HTTP Port than Admin

1.1. How it is contributed during install

Admin

https://github.com/schmto/nmsprime/blob/dev/Install/files/nmsprime-admin.conf

Enviroment File: https://github.com/schmto/nmsprime/blob/dev/Install/files/global.env

CCC

https://github.com/schmto/nmsprime/blob/dev/modules/Ccc/Install/files/nmsprime-ccc.conf

Enviroment Files are provided by: https://github.com/schmto/nmsprime/blob/dev/modules/Ccc/Install/files/ccc.env

1.2. General

Strategy: simply run two separate virtual hosts on two different ports, like

Service	HTTP Port	Note

Service	HTTP Port	Note
admin	8080	changing default https port for admin fronted will be a security advantage
CCC	443	default https port – (for easy access of ccc for all customers)

1.3. Configuration

1.3.1. 1. Change /etc/httpd/conf.d/nmsprime.conf to admin access:

1.3.1.1.1. /etc/httpd/conf.d/lara.conf

Listen 8080

<VirtualHost *:8080>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key

    Alias /nmsprime /var/www/nmsprime/public

    <Directory /var/www/nmsprime/public>
      AllowOverride All
    </Directory>

    DocumentRoot /var/www/nmsprime/public
</VirtualHost>

1.3.2. 2. add a second virtual host file for CCC: /etc/httpd/conf.d/nmsprime-ccc.conf

1.3.2.1.1. /etc/httpd/conf.d/lara-ccc.conf

 <VirtualHost *:443>
    SSLEngine On
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA:!RC4
    SSLCertificateFile /etc/httpd/ssl/httpd.pem
    SSLCertificateKeyFile /etc/httpd/ssl/httpd.key
</VirtualHost>

Alias /nmsprime /var/www/nmsprime/public-ccc

<Directory /var/www/nmsprime/public-ccc>
AllowOverride All
</Directory>

1.3.3. 3. Adapt .env file to auto load the correct default start page based on port config

# HTTPS Port settings
HTTPS_ADMIN_PORT=8080
HTTPS_CCC_PORT=443

1.3.4. 4. Add Port to Firewalld

1.3.4.1.1. firewalld adaptions

# Note: change name of zone if necessary
firewall-cmd --add-port=8080/tcp --zone=public
firewall-cmd --runtime-to-permanent

1.4. How it works inside Laravel

we use two different entry points for CCC and admin, based on two different public directories and two different index.php files
Inside the two different index.php files, we can do security checks for correct access

See: https://devel.roetzer-engineering.com:3128/stash/projects/PRO/repos/laravel/compare/commits?sourceBranch=refs%2Fheads%2Ffeature%2Fsplit-admin-from-ccc&targetBranch=refs%2Fheads%2Fmaster