Setting up SSL-only access, plus a "Deploy" button?
Posted: Mon Apr 08, 2013 3:12 pm
Hi,
I'm starting a new website using CMSMS + Apache + Linux.
We will only offer static content, so I want to hide the dynamic CMSMS functionality from public view...
I plan to publish the CMSMS only via SSL, with Apache checking client-side certificates. So content authors will need a private SSL certificate, otherwise they won't see the CMSMS.
Our Admin interface will need a "deploy" button to spider the site with WGET, for upload to the live server. When the author is happy with his edits, all the content in the dynamic CMSMS site on port 443 will get pushed to the public static website on port 80.
On the plus side, this should mean I don't need to update my CMSMS installation if a security issue is discovered - because I'll only issue the SSL certificate to a small number of trusted authors.
On the minus side, the public site will be 100% static. So it will be very fast, but limited to static content only.
Has anyone tried this before?
Possible problems:-
1. Staging site will be on port 443 only; public site will be on port 80 only. There will be broken links if any CMSMS pages or CSS files contain links as http:// or https:// rather than as pure relative links.
2. I don't yet know how to add the "deploy" button to the Admin pages. I just need some way to launch a Linux shell command from the Admin GUI, so that the author doesn't need to SSH onto the box and do it by hand.
Grateful for any pointers!
- Martin
I'm starting a new website using CMSMS + Apache + Linux.
We will only offer static content, so I want to hide the dynamic CMSMS functionality from public view...
I plan to publish the CMSMS only via SSL, with Apache checking client-side certificates. So content authors will need a private SSL certificate, otherwise they won't see the CMSMS.
Our Admin interface will need a "deploy" button to spider the site with WGET, for upload to the live server. When the author is happy with his edits, all the content in the dynamic CMSMS site on port 443 will get pushed to the public static website on port 80.
On the plus side, this should mean I don't need to update my CMSMS installation if a security issue is discovered - because I'll only issue the SSL certificate to a small number of trusted authors.
On the minus side, the public site will be 100% static. So it will be very fast, but limited to static content only.
Has anyone tried this before?
Possible problems:-
1. Staging site will be on port 443 only; public site will be on port 80 only. There will be broken links if any CMSMS pages or CSS files contain links as http:// or https:// rather than as pure relative links.
2. I don't yet know how to add the "deploy" button to the Admin pages. I just need some way to launch a Linux shell command from the Admin GUI, so that the author doesn't need to SSH onto the box and do it by hand.
Grateful for any pointers!
- Martin