modxcms / revolution

MODX Revolution - Content Management Framework
https://modx.com/
GNU General Public License v2.0

Manager, Assets and Connectors on subdomains #13253

Closed kwazaro closed 7 years ago

kwazaro commented 7 years ago

Summary

How to move "assets", "connectors" and "manager" to different subdomains? Is it possible without issues at all?

Steps to reproduce

I need such a setup: http://manager.site.com/ - for manager; http://connectors.site.com/ - for connectors; http://assets.site.com/ - for assets. http://site.com/ - default web context. If I install such a setup during advanced installation, I get the Manager not working (only the top menu is showing, links not working, no tree etc. - only the log out function works from the menu). All paths in the config are correct. If I install MODX in the default way (in one webroot) and then move assets to a subdomain by making changes to the config file and re-running setup - I get non-working components, such as FormIt, Gallery and so on (even after re-installation). I think there is no way to move such folders as "assets", "connectors" and "manager" to sub-domains or to other hosts without issues, as it should be for this CMS (CMF); however, this process is described in the official tutorial ("Hardening MODX Revolution"). What is wrong with this setup?

Environment

MODX version 2.5.4, PHP 7.1+, Apache, Shared Hosting (there are no other issues with MODX on this server - all works fine).

Mark-H commented 7 years ago

The problem with moving parts of the manager to subdomains has to do with cross origin requests and session sharing among others. The issues you're seeing in the manager are likely because of those.

That said, I think @mindeffects has been successful in the past at getting this set up - Oliver do you have any comments here?

kwazaro commented 7 years ago

This functionality (ability to change folders and move them to different domains) is declared as "out of the box" in the official tutorial:

For an even more thorough solution, you could put the manager URL on a completely different domain

Why do we have issues with that? Maybe the tutorial should be rewritten, or a working solution should be mentioned?

Mark-H commented 7 years ago

It honestly just seems like massive overkill with very little benefit over just choosing a different directory name, so maybe I'll take it out of that tutorial.

kwazaro commented 7 years ago

For placing "assets" on another host there are benefits: specific web server configs to optimize static content and reduce overall HTTP requests to the main host. For "manager" on another host - security improvements. It's a good possibility to make such a setup, but it should work a bit more stably and without errors.

mindeffects commented 7 years ago

As @Mark-H said, I have a running multi-domain system where MODX is completely "in the dark" AKA out of reach.

The CMS management (core+manager+...) is on "cms.domain.de" and the websites are either on "subdomain.domain.de" or "www.some-other-domain.tld". The website only consists of an "index.php" (initializing the context they run in) and "assets/" plus some minor non-MODX files like "robots.txt". When visiting such a website, you don't get any hint where to find the CMS, because it is only reachable by PHP internally. And updates are very easy, because the CMS files are all in one place, and the site-specific assets are in the website's own folder. This has worked very well for years now. The only downside so far is "pthumb", which wants to store the cached files inside the MODX basedir. But we solved that with a symlink inside the website assets, pointing to the pthumb cache. Again, this also hides the sensitive parts of MODX from everybody. If you want to know more, I can provide you, @kwazaro, with some details to make it run smoothly. I am also currently working on a paper on this topic for the MAB to give my approach a multi-brains review. ;-)

kwazaro commented 7 years ago

It's nice, but this is not what I'm talking about. I don't need multiple sites with one manager panel (if needed, I could easily figure it out using contexts). But I'm just talking about splitting one installation of MODX into different subdomains (for assets, manager and connectors). If I move assets to another host - I'll get issues. Same for manager: it seems that manager and connectors must be on the same host and under one directory on the server. The only thing that I can move outside the MODX installation host without errors is the "core". Even moving just assets to a subdomain causes troubles for Gallery, Collections or FormIt. Maybe there is another way (some configs that weren't mentioned in tutorials)?

OptimusCrime commented 7 years ago

Why do you want to have these subdomains? Having connectors and manager on different domains will not work as far as I know, because the manager makes ajax requests to the connector, and that violates CORS.

kwazaro commented 7 years ago

First of all, I need the manager on a subdomain for security reasons. The second is that this functionality is declared by MODX. I need, for example, assets on a different host than the main site. Is it so hard to do? Why should there be unexpected issues with such a setup? I have the possibility to change the default paths and URLs for assets, connectors and manager in the config file, but changing the default values causes instability and errors.

Mark-H commented 7 years ago

What is more secure about using a subdomain, exactly? I honestly don't see the point of separate domains. As it violates browser constraints (CORS), I believe it's up to the requester to provide a compelling argument why it should be supported.

The config defaults can be overridden and I've definitely done that for all mentioned folders in the past, but if in doing so you're violating browser policy that's not something at fault in MODX IMO.

Placing assets on different hosts should be done with media sources and can bypass the config assets path entirely.

Mark-H commented 7 years ago

If you insist on a separate domain, I believe placing all MODX folders on that domain is how you can get it to work just fine. Use admin.site.com for the manager, admin.site.com/connectors/ for the connectors path, and admin.site.com/assets/ for the config assets (which houses the components folder). Set up a media source to upload content assets to assets.site.com and serve your site from site.com by placing the proper index and config.core.php files there.

I'd still argue that's not any more secure than site.com/mymgrname/ and not worth the extra server setup, but if that's your end game, go for it.
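The "browser constraints" mentioned in this thread come down to the same-origin rule: the manager's AJAX calls to the connectors, and the manager session cookie that rides along with them, only work without extra CORS and cookie configuration when both live at the same scheme, host and port. The following script is an added example, not code from the thread or from MODX itself; it classifies the layouts proposed above (the original subdomain split, the "everything on admin.site.com" layout, a renamed manager directory) by that rule. The layout list is constructed from the URLs quoted in the thread, and the cookie model is a simplified version of the host-only / Domain-attribute rule for cookies, assumed here for illustration.

```javascript
// Added example (not from the MODX issue thread or the MODX code base).
// An origin is the (scheme, host, port) triple. Any difference makes a
// request cross-origin, which is what blocks manager -> connector AJAX
// without CORS headers and keeps the session cookie from being sent.

function originOf(url) {
  const u = new URL(url);
  // u.host includes a non-default port, e.g. "site.com:8080"
  return `${u.protocol}//${u.host}`;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Simplified cookie scoping (assumed model): a cookie set without a Domain
// attribute is host-only and is sent back only to exactly that host; with a
// Domain attribute it is sent to that domain and its subdomains.
function cookieSentTo(setByHost, requestHost, domainAttr = null) {
  if (!domainAttr) return setByHost.toLowerCase() === requestHost.toLowerCase();
  const d = domainAttr.replace(/^\./, "").toLowerCase();
  const h = requestHost.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Judge one layout: can the manager call the connectors and still be
// recognised as logged in, with no CORS or cookie-domain tuning?
function assessLayout(layout) {
  const sameOrigin = isSameOrigin(layout.manager, layout.connectors);
  const sessionCookieSent = cookieSentTo(
    new URL(layout.manager).hostname,
    new URL(layout.connectors).hostname
  );
  return {
    name: layout.name,
    sameOrigin,
    sessionCookieSent,
    managerWorksWithoutCors: sameOrigin && sessionCookieSent,
  };
}

// Constructed from the URLs discussed in the thread.
const LAYOUTS = [
  { name: "subdomain split (manager/connectors on separate subdomains)",
    manager: "http://manager.site.com/", connectors: "http://connectors.site.com/" },
  { name: "all MODX dirs on admin.site.com",
    manager: "http://admin.site.com/manager/", connectors: "http://admin.site.com/connectors/" },
  { name: "renamed manager directory on the main host",
    manager: "http://site.com/mymgrname/", connectors: "http://site.com/connectors/" },
  { name: "same host, manager over https but connectors over http",
    manager: "https://site.com/manager/", connectors: "http://site.com/connectors/" },
];

// Stand-alone run: print the verdict for each layout.
for (const layout of LAYOUTS) {
  console.log(assessLayout(layout));
}
```

Only the layouts where manager and connectors share an origin come out as working without further configuration, which matches the observations in the thread; note that the last entry shows a scheme mismatch alone is enough to make the request cross-origin, even on one host.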

mindeffects commented 7 years ago

That is the way I did it, @Mark-H. All MODX stuff in one domain and the "website(s)" in another one. My file structure is:

/modx-cluster-1
   /modx-admin1-domain.tld
   /domain1.tld
      /www
         /assets
         .htaccess
         index.php
         robots.txt
         ...
      /www2
         ...
   /domain2.tld
   ...
   /domain3.tld
/modx-cluster-2
   /modx-admin2-domain.tld
   ...

This way all websites and the modx-admin-website are in different folders, which cannot be exited above their webroot, so you can't address any "outside" stuff with the browser. Without PHP you are locked in a cage. Each modx-cluster is a separate install with its own DB. But updating a cluster install is just the same as updating a regular MODX, because all files are in one place like in a traditional MODX. Just index.php and /assets are specific. Why wouldn't that be more secure than a subfolder solution, @Mark-H? Without knowing something of the internal structure, you cannot see behind the curtain and discover the modx-admin website. You could do some research on the used IP address but that wouldn't bring you any nearer to the hacking goal. Or am I missing a crucial aspect here? I am not an expert in this field so please tell me your thoughts.

OptimusCrime commented 7 years ago

I am not sure if the docs have been changed since you read them, but it currently says:

Unlike Evolution, MODX Revolution makes it fairly easy to change the names of its various folders and move the core outside the web root.

It does not say anything about subdomains here. Furthermore, the next line reads:

Note that only the core can (and should) be moved outside the web root because the other directories must be accessible via the web.

As far as I've understood, reading the docs, it is explaining how to move directories from the standard setup like:

To something like

It does not mention subdomains or another host at all.

And not to sound rude or anything, but if you knew how connectors, the core and the manager work, you would know that there are many limitations in both the underlying language(s) (PHP/JavaScript) and the implementation that make it impossible to do what you want. It is simply not possible, and if you misinterpreted the docs I would suggest cleaning them up so they read clearer.

I'd also like to add that the layout with subdomains does not add any kind of security. In fact, moving these directories around does not add much security other than bots not identifying your site as MODX straight away.

mindeffects commented 7 years ago

I wouldn't agree that moving MODX to a subdomain or different domain does "not add any kind of security", @OptimusCrime! I have the MODX admin page in a subfolder of a "dead" website which is .htaccess 301 redirected to a different URL. The subdir, where MODX lives, is protected by ".htaccess" and has a random name of about 32 chars. That is why it is more than just "security by obscurity".

OptimusCrime commented 7 years ago

@mindeffects But still you are just hiding stuff under other domains, and making it harder to find. And I can't understand which part of this requires the use of a subdomain? By the sound of it you are just using directories within a normal installation that redirects?

My argument is that if you REALLY wanted to increase security you could for example do:

What I am saying is that simply hiding things is not the only way of increasing security, and likewise with subdomains.

mindeffects commented 7 years ago

Yes, just hiding is not enough. Therefore I use the .htaccess auth protection. Without proper credentials you won't be able to use the manager or any file of the MODX folder through the browser.

kwazaro commented 7 years ago

I think this discussion is going off topic. This issue thread is not about security or hardening MODX. It's just about splitting "assets", "connectors" and "manager" into different hosts for one MODX installation. In the documentation this possibility exists. But I tried to do such a setup and failed, because the manager and components did not work. Even if I move only "assets", this will cause problems.

OptimusCrime commented 7 years ago

What do you mean when you say different hosts? Do you mean different subdomains, where the files are located on the same physical server, or do you mean moving your files to a completely different server?

I am asking because your original question dealt with different domains, not different hosts.

kwazaro commented 7 years ago

Files physically located on the same server. The URL structure should be the following:

http://website.com/ - main site;
http://assets.website.com/ - for default and custom assets of main site;
http://secretroom.website.com/ - for MODX manager panel. 

File structure for this installation on the server:

/home/user/website.com/www/ - files for website (index.php, config.core.php, robots.txt etc.);
/home/user/website.com/assets/ - assets folder;
/home/user/website.com/secretroom/ - manager files;
/home/user/modx_core/ - MODX core files, shared for some other MODX installations (via config keys);

Each folder under website.com/ is configured as a subdomain, and the modx_core folder is hidden from the web (it can be anywhere on the server).

Mark-H commented 7 years ago

The limitations you run into are browser limitations, not MODX ones. MODX doesn't care much where stuff is located, but cross origin requests are tricky to get right.

I've tweaked the Hardening MODX guide in several places... that page is really due for a complete rewrite.

I'm going to close this issue as there are no changes that need to be made in MODX. Feel free to post a topic on the forums if you wish to discuss the topic further.

kwazaro commented 7 years ago

The problem of this topic (the possibility to move the assets folder to another domain) is important, because I can't use the Gallery component with a multilingual website setup via Babel. The rewrite rules for .htaccess in this case cause problems, and the paths to the real assets files are wrong. Making the ASSETS folder shared between different contexts can solve this problem. Does anybody use a multilingual setup via contexts? Because MODX doesn't support multilingual functionality for websites out of the box.

zaigham commented 7 years ago

@kwazaro I think almost all components use [[++assets_url]] for assets; you can try adding these to the context settings AND/OR to the component's own settings, e.g. gallery.assets_url