Re: "Work from home" access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2020-03-19 5:15 p.m., Jim Albert wrote:
On 3/19/2020 4:50 PM, Stormy wrote:
Jim -- tnx -- see below

On 2020-03-19 4:05 p.m., Jim Albert wrote:
On 3/19/2020 3:48 PM, Stormy wrote:
I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) only on our LAN to edit the above public application.

I need to add "outside" access for staff working from home, so that I would end up with e.g.

https://mysite.com/ ; [working exactly as before]
and
https://mysite.com/foo ; [for the "staff_only", fully working on LAN]

I have tried variations of:   Redirect permanent "/foo/" "http://mysite.com/staff_only/"; -- but end up with 404 every time.

Is there an elegant solution for this?

Many thanks -- Paul

You need to explain in more detail what you are trying to do.
Is mysite.com referencing the same server whether accessed publicly or privately?
Yes -- its a standalone LAMP server with a very large Mysql db with public access for output, and a staff interface to edit the data. It is behind an Nginx front end server to four others and which takes care of Letsencrypt, firewall etc.

Are you trying to use split-DNS to reference public vs private servers so you can use the same domain name to access a private server across a VPN?

Split-DNS, if I understand the term is already in place on the LAN, the app is on 192.168.1.50 and the editing is on 192.168.1.50, but Bell only give us a single static public IP. (I'm not certain that this meets the definition of VPN)

If staff-only is confidential and on the same server as public mysite.com you still have some significant risks which can be mitigated with apache access controls (.htaccess for example)... but still not a very good idea.

If none of above is relevant to what you want to do then your redirect is to an http resource where you reference https everywhere else... is that your problem?

All the public interfaces are https (I tried that in the "Redirect" and get 404)

If still none of my discussion is relevant then what is the purpose of https://mysite.com/foo redirecting to staff_only... why not just use a URL directly to staff_only?

I maybe oversimplified: the site is in fact https://database.mysite.com which goes direct to the public app. I was looking to add /foo (even /gobble-de-gook-foo) for hopefully temporary "staff at home" access.

If working from home is completely new to your company (and I imagine there's a lot of that with current health concerns) and security is a concern then opening up private resources on a public server is not a good idea and you should look into some secure remote access solutions to access private servers across a vpn.

The staff resources are of course pw protected. A vpn might make sense, but I have no experience (virt-manager, Gnome-boxes whatever would put me into a brand new learning curve :={ )

I was just hoping for a simple Apache redirect that can be put in place quickly as a temporary work-around and removed just as quickly.

Thanks -- paul

OK... I've presented the caveats of serving private resources on a public server... if, in fact, that's what you are trying to do and if so please consider how you are protecting those private resources from the public. I take it your employees need to work from home and instead of accessing via private 192.168... IP as they would on your LAN, you'll be accessing via public IP?

Just going back to what you want to do outside of the topic of security, give us the Redirect configuration again (did you really make an http vs https mistake in your original post?)

What is the context of the Redirect?... .htaccess, config file, etc...

Jim thanks -- here's the relevant parts of the .conf:

paul@-----:/etc/apache2/sites-available$ cat database_public.conf
# Database public access Configuration Directives
# This file invoked by nginx
Listen 8088
## database
  <VirtualHost 192.168.1.150:8088>
   ServerName database.mysite.com
   ServerAlias database_public

## Trial 18 March 2020
#   Redirect "/gobble-de-gook-foo/" "192.168.1.151"
#   Redirect "/gobble-de-gook-foo/" "db_staff"
# Redirect permanent "/gobble-de-gook-foo/" "http://database.mysite.com/db_staff/"; Redirect permanent "/gobble-de-gook-foo/" "https://database.mysite.com/db_staff/";

   ServerAdmin  webmaster@xxxxxxxxxx
   DocumentRoot /usr/share/database_public/htdocs
      <Directory "/usr/share/database_public/htdocs">
         Options -Indexes
      </Directory>
# Secure internal stuff
<DirectoryMatch "//usr/share/database_public/htdocs/.*/(modules|xslt|includes)">
   	  Require all denied
   </DirectoryMatch>
etc..........


As Richard asks, please present relevant apache error logs rather than what you are simply seeing in your browser.

Pls see previous reply.

Many thanks -- Paul

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux