Re: "Work from home" access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Jim -- tnx -- see below

On 2020-03-19 4:05 p.m., Jim Albert wrote:
On 3/19/2020 3:48 PM, Stormy wrote:
I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) only on our LAN to edit the above public application.

I need to add "outside" access for staff working from home, so that I would end up with e.g.

https://mysite.com/ ; [working exactly as before]
and
https://mysite.com/foo ; [for the "staff_only", fully working on LAN]

I have tried variations of:   Redirect permanent "/foo/" "http://mysite.com/staff_only/"; -- but end up with 404 every time.

Is there an elegant solution for this?

Many thanks -- Paul

You need to explain in more detail what you are trying to do.
Is mysite.com referencing the same server whether accessed publicly or privately?
Yes -- its a standalone LAMP server with a very large Mysql db with public access for output, and a staff interface to edit the data. It is behind an Nginx front end server to four others and which takes care of Letsencrypt, firewall etc.

Are you trying to use split-DNS to reference public vs private servers so you can use the same domain name to access a private server across a VPN?

Split-DNS, if I understand the term is already in place on the LAN, the app is on 192.168.1.50 and the editing is on 192.168.1.50, but Bell only give us a single static public IP. (I'm not certain that this meets the definition of VPN)

If staff-only is confidential and on the same server as public mysite.com you still have some significant risks which can be mitigated with apache access controls (.htaccess for example)... but still not a very good idea.

If none of above is relevant to what you want to do then your redirect is to an http resource where you reference https everywhere else... is that your problem?

All the public interfaces are https (I tried that in the "Redirect" and get 404)

If still none of my discussion is relevant then what is the purpose of https://mysite.com/foo redirecting to staff_only... why not just use a URL directly to staff_only?

I maybe oversimplified: the site is in fact https://database.mysite.com which goes direct to the public app. I was looking to add /foo (even /gobble-de-gook-foo) for hopefully temporary "staff at home" access.

If working from home is completely new to your company (and I imagine there's a lot of that with current health concerns) and security is a concern then opening up private resources on a public server is not a good idea and you should look into some secure remote access solutions to access private servers across a vpn.

The staff resources are of course pw protected. A vpn might make sense, but I have no experience (virt-manager, Gnome-boxes whatever would put me into a brand new learning curve :={ )

I was just hoping for a simple Apache redirect that can be put in place quickly as a temporary work-around and removed just as quickly.

Thanks -- paul

Jim Albert



---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux