On 3/19/2020 4:50 PM, Stormy wrote:
Jim -- tnx -- see below
On 2020-03-19 4:05 p.m., Jim Albert wrote:
On 3/19/2020 3:48 PM, Stormy wrote:
I have, on Apache 2.4.7:
https://mysite.com/ which runs a Perl/Mysql based application perfectly
and a parallel "staff only" accessed (now) only on our LAN to edit
the above public application.
I need to add "outside" access for staff working from home, so that
I would end up with e.g.
https://mysite.com/ [working exactly as before]
and
https://mysite.com/foo [for the "staff_only", fully working on LAN]
I have tried variations of: Redirect permanent "/foo/"
"http://mysite.com/staff_only/"; -- but end up with 404 every time.
Is there an elegant solution for this?
Many thanks -- Paul
You need to explain in more detail what you are trying to do.
Is mysite.com referencing the same server whether accessed publicly
or privately?
Yes -- its a standalone LAMP server with a very large Mysql db with
public access for output, and a staff interface to edit the data. It
is behind an Nginx front end server to four others and which takes
care of Letsencrypt, firewall etc.
Are you trying to use split-DNS to reference public vs private
servers so you can use the same domain name to access a private
server across a VPN?
Split-DNS, if I understand the term is already in place on the LAN,
the app is on 192.168.1.50 and the editing is on 192.168.1.50, but
Bell only give us a single static public IP. (I'm not certain that
this meets the definition of VPN)
If staff-only is confidential and on the same server as public
mysite.com you still have some significant risks which can be
mitigated with apache access controls (.htaccess for example)... but
still not a very good idea.
If none of above is relevant to what you want to do then your
redirect is to an http resource where you reference https everywhere
else... is that your problem?
All the public interfaces are https (I tried that in the "Redirect"
and get 404)
If still none of my discussion is relevant then what is the purpose
of https://mysite.com/foo redirecting to staff_only... why not just
use a URL directly to staff_only?
I maybe oversimplified: the site is in fact
https://database.mysite.com which goes direct to the public app. I was
looking to add /foo (even /gobble-de-gook-foo) for hopefully temporary
"staff at home" access.
If working from home is completely new to your company (and I imagine
there's a lot of that with current health concerns) and security is a
concern then opening up private resources on a public server is not a
good idea and you should look into some secure remote access
solutions to access private servers across a vpn.
The staff resources are of course pw protected. A vpn might make
sense, but I have no experience (virt-manager, Gnome-boxes whatever
would put me into a brand new learning curve :={ )
I was just hoping for a simple Apache redirect that can be put in
place quickly as a temporary work-around and removed just as quickly.
Thanks -- paul
OK... I've presented the caveats of serving private resources on a
public server... if, in fact, that's what you are trying to do and if so
please consider how you are protecting those private resources from the
public.
I take it your employees need to work from home and instead of accessing
via private 192.168... IP as they would on your LAN, you'll be accessing
via public IP?
Just going back to what you want to do outside of the topic of security,
give us the Redirect configuration again (did you really make an http vs
https mistake in your original post?)
What is the context of the Redirect?... .htaccess, config file, etc...
As Richard asks, please present relevant apache error logs rather than
what you are simply seeing in your browser.
Jim
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
