[ZendTo] Local install for external users

Thu Mar 1 09:38:21 GMT 2018


On 28/02/2018 22:52, Maarten Andriessen wrote:
>
> This is what we do…. Although I called it “files.company.com” instead, 
> just in case we ever decide to replace ZendTo with a different 
> product, or Jules ever decides to rename it. ;)
>
> Your internal DNS servers (I assume you have them) should do the trick.
>
> *From:*zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] *On 
> Behalf Of *Bocquet Stéphane
> *Sent:* Tuesday, February 27, 2018 6:34 AM
> *To:* ZendTo Users <zendto at zend.to>
> *Subject:* Re: [ZendTo] Local install for external users
>
> Hi François !
>
> Why don’t you use the same URL (https://zento.mydomain.com) for 
> internal users ?
>
> It seems more secure to me, as if someone manage to connect to your 
> network by any ways (believe me, this thing happens, even more if you 
> have a Wi-Fi network!), he still cannot listen to the IP traffic 
> between the client and the server to get some passwords for example… 
> HTTP and port 80 must be ban nowadays!
>
> If you are on a Debian/Ubuntu server, Apache conf files are in 
> /etc/apache2. For other Linux, It should be the same or something near…
>
> Anyway, I think you have to configure 2 setup files in 
> /etc/apache2/sites-available
>
> -rw-r--r-- 1 root root 1472 Feb 15 16:18 001-zendto.conf
>
> -rw-r--r-- 1 root root 3514 Feb 15 16:19 001-zendto-ssl.conf
>
> And make 2 links in ../site-enabled
>
> lrwxrwxrwx 1 root root   34 Jan  9 15:26 001-zendto.conf -> 
> ../sites-available/001-zendto.conf
>
> lrwxrwxrwx 1 root root   38 Jan  9 15:26 001-zendto-ssl.conf -> 
> ../sites-available/001-zendto-ssl.conf
>
The links should be created using the "a2ensite" command. From what I 
remember, you just need to:

a2ensite 001-zendto
a2ensite 001-zendto-ssl

> ZendTo installation scripts should have done that.
>
> Just check those two files if they seem correct to what you are expecting.
>
> In /etc/apache2/sites-available/001-zento.conf, you should have 
> something like this
>
> # This will force http to automatically redirect to https.
>
>   <IfModule mod_rewrite.c>
>
>     RewriteEngine On
>
>     RewriteCond %{HTTPS} off
>
>     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 
> <https://%25%7bHTTP_HOST%7d%25%7bREQUEST_URI%7d>
>
> </IfModule>
>
> I think that if you put this in comment, the two URL should work, HTTP 
> will not been redirected to HTTPS.
>
> Personally, I will not do that for security reasons, but you can try ;)
>
> Stéphane
>
> *De :*zendto-bounces at zend.to <mailto:zendto-bounces at zend.to> 
> [mailto:zendto-bounces at zend.to] *De la part de* FT-news
> *Envoyé :* mardi 27 février 2018 14:45
> *À :* zendto at zend.to <mailto:zendto at zend.to>
> *Objet :* [ZendTo] Local install for external users
>
> Hi all,
>
> Any advice on how to setup apache so that the ZendTo server installed 
> into the local network will be reachable from the outside ?
>
> Internal users should connect on zendto.mydomain.local (port 80) while 
> external users should connect on zendto.mydomain.com (on port 443). 
> Also, all generated links should target zendto.mydomain.com.
>
> I'm a bit confused on wich apache settings to use.
>
> Thanks for any advice.
>
> Francois
>
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto

Jules

-- 
Julian Field MEng CEng CITP MBCS MIEEE MACM

'No more impressive warning can be given to those who would confine
  knowledge and rsearch to what is apparently useful, than the
  reflection that conic sections were studied for eighteen hundred
  years merely as an abstract science, without regard to any utility
  other than to satisfy the craving for knowledge on the part of
  mathematicians, and that then at the end of this long period of
  abstract study, they were found to be the necessary key with which
  to attain the knowledge of the most important laws of nature.'
  - Alfred North Whitehead

www.Zend.To
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20180301/71ef1dad/attachment.html