Hi,
I'm starting a new website using CMSMS + Apache + Linux.
We will only offer static content, so I want to hide the dynamic CMSMS functionality from public view...
I plan to publish the CMSMS only via SSL, with Apache checking client-side certificates. So content authors will need a private SSL certificate, otherwise they won't see the CMSMS.
Our Admin interface will need a "deploy" button to spider the site with WGET, for upload to the live server. When the author is happy with his edits, all the content in the dynamic CMSMS site on port 443 will get pushed to the public static website on port 80.
On the plus side, this should mean I don't need to update my CMSMS installation if a security issue is discovered - because I'll only issue the SSL certificate to a small number of trusted authors.
On the minus side, the public site will be 100% static. So it will be very fast, but limited to static content only.
Has anyone tried this before?
Possible problems:-
1. Staging site will be on port 443 only; public site will be on port 80 only. There will be broken links if any CMSMS pages or CSS files contain links as http:// or https:// rather than as pure relative links.
2. I don't yet know how to add the "deploy" button to the Admin pages. I just need some way to launch a Linux shell command from the Admin GUI, so that the author doesn't need to SSH onto the box and do it by hand.
Grateful for any pointers!
- Martin
Setting up SSL-only access, plus a "Deploy" button?
-
calguy1000
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
Re: Setting up SSL-only access, plus a "Deploy" button?
If you are going to setup client certificate authentication for admin access to the 'staging site' you may as well setup the same thing for the frontend access (port 80) on the staging site.
You are still going to have problems with URL generation no matter what you do. If the staging site is 'staging.mysite.com' and the live site is 'mysite.com' ... CMSMS will generate all URLS as 'staging.mysite.com' ... you would need to post-process all generated HTML pages to transform the links. At the same time you could transform the urls from https://staging.mysite.com:443/ to http://mysite.com/
I think that the URL transformation could be done in a ContentPostRender event handler.... you would just have to check if the 'visitor' is logged in to the admin, or is some kind of bot.
something like (untested):
You are still going to have problems with URL generation no matter what you do. If the staging site is 'staging.mysite.com' and the live site is 'mysite.com' ... CMSMS will generate all URLS as 'staging.mysite.com' ... you would need to post-process all generated HTML pages to transform the links. At the same time you could transform the urls from https://staging.mysite.com:443/ to http://mysite.com/
I think that the URL transformation could be done in a ContentPostRender event handler.... you would just have to check if the 'visitor' is logged in to the admin, or is some kind of bot.
something like (untested):
Code: Select all
if( !check_login(TRUE) ) {
$content = str_replace($content,'https://staging.mysite.com:443/','http://mysite.com/');
}
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Re: Setting up SSL-only access, plus a "Deploy" button?
Thanks! I'll have a play and see how it goes, and update this thread in due course.
