*** Frank__ (72ffc71c@gateway/web/freenode/ip.114.255.199.28) has joined #wikid | 07:25 | |
Frank__ | hello. | 07:26 |
Frank__ | is there anybody there? | 07:26 |
Frank__ | no one there? | 07:37 |
*** Frank__ has quit (Quit: Page closed) | 07:37 | |
*** nowen (~nowen@adsl-66-165-228.asm.bellsouth.net) has joined #wikid | 13:03 | |
*** Craig_ (4cf15df6@gateway/web/freenode/ip.76.241.93.246) has joined #wikid | 18:38 | |
Craig_ | good afternoon | 18:39 |
nowen | hi | 18:39 |
Craig_ | quick architecture question about wikid | 18:39 |
nowen | ok | 18:39 |
Craig_ | do you have any customers who host the wikid server in a DMZ? | 18:39 |
nowen | yes, many | 18:40 |
Craig_ | so, most DMZs, at least ones I manage the security over, don't allow user stores to reside in them | 18:40 |
Craig_ | why shouldn't I be concerned about the wikid user store being in the DMZ? | 18:41 |
nowen | some also NAT the external IP | 18:41 |
Craig_ | have you ever thought about separating the web server and the user store, so people can split them up? | 18:43 |
nowen | no, it's never come up before | 18:43 |
Craig_ | in my opinion, it would make the whole setup a little more secure. | 18:44 |
nowen | You can put a web server in front of WiKID to route the token requests to another server | 18:44 |
Craig_ | oh....maybe that's what I need then.....do you have docs? | 18:45 |
nowen | not really, just an apache redirect ;) | 18:45 |
Craig_ | ok, i'll try and figure it out. | 18:46 |
nowen | RewriteRule ^/wikid/(.*) https://localhost:8443/wikid/$1 [P] | 18:46 |
nowen | would re-write the token requests to a new port on the same server | 18:46 |
nowen | all the token requests go to /wikid/ on port 80 | 18:47 |
Craig_ | ok, so....if I had the redirecting web server in my DMZ and the wikid server on my internal network........how would that affect the wikid domain setup? | 18:48 |
Craig_ | if at all? | 18:48 |
nowen | the domain identifier is still the external ip address even though the box has the internal ip | 18:48 |
Craig_ | ok | 18:49 |
Craig_ | so the domain code on the token client is pretty much just for routing across the internet? | 18:49 |
nowen | correct | 18:49 |
Craig_ | gotcha. thanks.......that helps a lot. | 18:50 |
nowen | np | 18:50 |
Craig_ | have a good one | 18:50 |
nowen | you too | 18:50 |
*** Craig_ has quit (Quit: Page closed) | 18:50 | |
*** nowen has parted #wikid (None) | 21:58 |