如何在所有项目中实现在远程域托管的自己的CMS？ [英] How to implement my own CMS hosted on a remote domain in all my projects?

问题描述

所以，我开发自己的CMS，动态调整我在一个特定的域设置。

So, I'm developing my own CMS which dynamically adjusts to the settings I have set on a specific domain.

我刚在我的本地机器和现在面临的问题，我有多个项目，每个在不同的域（相同的主机提供商虽然，不知道如果这是相关的）。在我的本地主机上没有问题，因为我只指向特定的CMS文件夹。

I just developed this whole CMS on my local machine and now facing the problem that I have multiple projects, each on a different domain (same host provider though, don't know if that's relevant?). On my localhost it's no problem because I just point to the specific CMS folder.

__

CMS文件位于 www.mycms.com 的子目录中，例如 www.mycms.com/cms / ，我的项目ist托管在 www.project-a.com 。

Example: My CMS Files are in a subdirectory of www.mycms.com like www.mycms.com/cms/ and my project ist hosted on www.project-a.com.

现在我假设我只需要添加多个CMS文件，例如 www.mycms。

Now I assumed I just need to include my multiple CMS files like www.mycms.com/cms/classes/user.php, etc.

因为这给我一个权限被拒绝错误和网络上的每个人似乎都反对 allow_url_fopen 因为安全风险，我需要知道，如果我有其他可能性，使这项工作没有把所有的每个域中的 / cms / 文件。因为这会迫使我将所有的CMS文件上传到每个域，即使我只是更改小事情。

Since this gives me a permission denied error and everyone on the web seems to be against allow_url_fopen because of security risks, I need to know if I have other possibilities to make this work without putting all the files of /cms/ into each domain each time. Because that would force me to upload all CMS files all the time to each domain seperately, even if I just change minor things.

我不知道这是否可比较到类似Google Maps API的API，或者只包含远程文件的地方？ （据我所知）

I don't know if this is compareable to an API like the Google Maps API or something where you also just include remote files? (As far as I know)

我的选择是什么？如果没有剩下的选项，我应该使用 allow_url_fopen 重新考虑，但实施安全方法以避免攻击等等。

What are my options? And if there are no options left, should I reconsider using allow_url_fopen but implementing security methods to avoid attacks, etc?

推荐答案

我的回答是基于以下假设：

My answer is based on following assumptions:

• 您在基于网络开发方面的体验相对较低（从您建立自己的CMS的事实推断出来; allow_url_include 是你实际想要的; allow_url_include c> allow_url_fopen code>不会神奇地连接到远程服务器和加载php文件像服务器端; allow_url_include 应该绝对禁用，由于安全风险; code> allow_url_include 也可能大大降低您的项目的性能;您的想法是什么是Web服务是从Google Maps API派生的） - 没有意图冒犯！

• You have kind of root-access to your server and you are able to enter your webserver's configuration.
• You have rather low experience in web-based development (deduced from the fact, that you build your own CMS; allow_url_fopen seems a viable option to you, beside that allow_url_include is what you're actually seeking for; allow_url_include won't magically connect to the remote server and load the php-files like server-side; allow_url_include should definitely be disabled, due to security risks; allow_url_include could also greatly reduce the performance of your project; your idea of what is a webservice is derived from Google Maps API) - no intent to offend!

让我解决 allow_url_fopen 和 allow_url_include ：

• allow_url_fopen 和 allow_url_include 需要您开启潜在的安全风险：
  
  
  
  
  • allow_url _ * 通过http公开您的应用程序的源代码。基于我推断的假设，你是初学者，我暗示的风险，潜在的攻击者会找到一种方法，如何制定一些黑客很容易。不公平的泛化，但是当我审查年轻开发人员的源代码时，这种情况几乎总是这样。
  
  
  • 你会有第二个可能是hackable的应用层，可以发出各种
  
  
  
  • 您有一个额外的链部分，由于维护或硬件/软件问题，可能会导致停机。在通过网络服务（REST等）访问内容时也是如此。
  
  
  • allow_url_fopen 和 allow_url_include ，甚至一个web服务可能会明显降低CMS的性能，因为所有包含的文件，将通过网络而不是（通常更好的连接）本地存储。 / li>
    
  • allow_url_fopen and allow_url_include would require you to open a potential security risk.:
    • allow_url_* would require you to expose the source-code of your application via http. Based on my deduced assumption, that you're rather beginner, I imply the risk, that a potential attacker would find a way, how to formulate some hack very easy. Unfair generalization, but this is almost always the case when I review source-code of younger developers.
    • You will have a second, potentially hackable layer of your application, that could emit all sorts of php-code.

    解决方案1）最常见的解决方案是配置您的域的DNS A和AAAA-记录以指向同一服务器ip并配置您的Web服务器（例如apache，nginx / varnish）将所有流量定向到单个虚拟主机。然后，您的CMS必须处理来自不同原始地址的请求。您可以根据超级全局 $ _ SERVER ['HTTP_HOST'] -variable中的内容提供适当的内容。请注意，如果您的服务器环境位于反向代理之后，您可以对此变量命名不同（您会知道这一点;这对每个访问者而言并不相同）。

    Solution 1) The most common solution is, to configure your domain's DNS A and AAAA-Records to point all to the same server-ip and configure your webserver (eg apache, nginx/varnish) to direct all traffic to a single virtual-host. Your CMS then has to deal with requests from different origin addresses. You can deliver the appropriate content based on, whats in the super-global $_SERVER['HTTP_HOST']-variable. Beware, that this variable could be named differently, if your server-environment is behind a reverseproxy (you would know this; this is not different per visitor then).

    
    
    • 步骤1：DNS解析：您的project-a.xyz指向您的cms服务器的ip。
    
    
    • 步骤2：您的网络服务器知道，
    
    
    • 步骤3：您的网络服务器将请求定向到您的CMS
    
    
    • 步骤4：您的CMS解析实际请求的主机 $ _ SERVER ['HTTP_HOST']
    
    
    • 步骤5：您的CMS发出属于请求的主机名的内容
    
    
    • Step1: DNS-Resolution: Your project-a.xyz points to the ip of your cms' server.
    • Step2: Your webserver knowns, that it has to do something with project-a.xyz
    • Step3: Your webserver directs the request to your CMS
    • Step4: Your CMS resolves the actually requested host from $_SERVER['HTTP_HOST']
    • Step5: Your CMS emits the content, that belongs to the requested host-name

    解决方案2）如果您希望这些项目按照您的请求进行物理分离，您可以查看各种部署系统，以将更改推送到多个目标。您的CMS应该以某种方式构建，以不同方式处理cm-system-core-files（PHP文件）和实际内容，并且能够更新核心文件而不影响内容。你在这里没有很多选择。您可以使用像Git或SVN这样的SCM系统轻松地将更改与远程项目同步，但这是相当灰心的。

    Solution 2) If you want those projects to be physically separated as your requests suggests, you can take a look at various deployment-systems, that would enable to you push changes to multiple destinations. Your CMS should be built in a way, that treats cm-system-core-files (PHP-Files) and actual content differently and is able to update core-files without affecting content. You don't have pretty much options here. You could use SCM-Systems like Git or SVN to sync changes with remote projects easily, but this is rather discouraged.

    解决方案3）您可以构建某种Web服务（REST是这些天常用的技术）。所以在project-a.zyx上托管的web项目将是一个相当简单的瘦客户端，主要将请求重定向到一些休息端点。您通常还需要在这里进行某种基于https的身份验证。这将要求您的客户端能够通过HTTP（有时在共享主机环境中禁用）从另一个端点请求内容（而不是实际的源代码！），可选地对该内容进行一些转换并发出它。由于您的请求似乎暗示，这不是理想的选择，您应该真正了解第一个解决方案。

    Solution 3) You can indeed build some kind of webservice (REST is a often used technique these days). So the web-project hosted on project-a.zyx would be a rather simple thin-client, that mostly redirects requests to some rest-endpoint. You would normally also want some kind of https-based authentication here. This would require your clients to be able to request content (not actual source-code!) from another endpoint via HTTP (which is sometimes disabled on shared hosting environments), optionally make some transformation on that content and emit it. Since your requests seems to imply, that this is not the ideal option, you should really look into the first solution.

    这篇关于如何在所有项目中实现在远程域托管的自己的CMS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！