As a website operator who is well-versed in AnQing CMS, I am well aware of the importance of website security for content operations.In the ever-changing internet environment, any slight negligence in security may result in incalculable losses.AnQiCMS as an enterprise-level content management system that focuses on security, the custom backend domain feature introduced in version v2.1.1 is to further strengthen the security protection of the backend management interface, making your website operation more worry-free.
Why is it crucial to customize the background domain for security?
In website operation, the security of the background management interface is the core of the overall website security. Many content management systems have default background access paths that are open and easy to guess, such as/admin//backendor/system.This predictability provides convenient entry points for malicious attackers and automated scanning tools, who can attempt brute force attacks, discover vulnerabilities, and then steal data or damage websites.
By customizing the backend domain, you can move the backend entry from a common, predictable URL path to a completely independent and unrelated domain.This is like setting up a secret entrance for your management office instead of using the main entrance that everyone knows.It greatly increases the difficulty for attackers to find the backdoor, providing an additional 'invisibility' protection for your website's management interface, thereby effectively enhancing the overall security of the website.
AnQiCMS v2.1.1 中的 custom backend domain feature
AnQiCMS officially introduced the feature of custom backend domain names in its v2.1.1 version.This update aims to provide users with more flexible and secure backend management options, reflecting the continuous attention and investment of the AnQiCMS team in system security.Through simple configuration, AnQiCMS users can now easily distinguish between the background access path and the front-end, enjoying a higher level of security.
Implementation of detailed steps for custom backend domain in AnQiCMS v2.1.1
To enable and configure the custom backend domain feature of AnQiCMS, you need to complete the following key steps:
Step 1: Parse the new backend domain
Before starting the AnQiCMS internal configuration, you need to select an independent domain name or subdomain for your admin interface, for exampleadmin.yourdomain.comorcms.yourdomain.net。Choose a domain that is not directly related to the front-end business to further improve security.
After selecting the domain name, please go to the management interface of your domain name registrar or DNS service provider and point this new domain name or subdomain to the IP address of the server where your AnQiCMS is deployed.通常,这涉及添加一条A记录。Please ensure that the DNS records have been correctly activated and propagated globally, which may take a few minutes to several hours.
第二步:Configure the Web server reverse proxy
Whether you use Nginx or Apache as your web server, you need to configure a reverse proxy to forward all requests sent to the new domain name correctly to the port where AnQiCMS is actually running (AnQiCMS is running by default on)8001Port).
Nginx server configuration example:
In your Nginx configuration file (usually located in/etc/nginx/conf.d/or/etc/nginx/sites-available/directory under the.confFile),add a new one for your new backend domainserverblock. Please replaceadmin.yourdomain.comwith your actual backend domain, and configure SSL certificates as needed to enable HTTPS.
server {
listen 80; # 监听HTTP请求,建议重定向到HTTPS
server_name admin.yourdomain.com; # 替换为您的后台域名
# 可选:将所有HTTP请求重定向到HTTPS
# return 301 https://$host$request_uri;
}
server {
listen 443 ssl; # 监听HTTPS请求
server_name admin.yourdomain.com; # 替换为您的后台域名
# SSL 证书配置,请替换为您的实际证书路径
ssl_certificate /path/to/your_ssl_cert.crt;
ssl_certificate_key /path/to/your_ssl_key.key;
location / {
proxy_pass http://127.0.0.1:8001; # AnQiCMS 默认运行端口
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Save the configuration and then restart the Nginx service to make the changes take effect.In the environment based on Baota Panel, you can find the Nginx configuration and restart options in the website management interface.
Apache server configuration example:
For Apache server, you need to configure in the virtual host configuration file (usually located in/etc/httpd/conf.d/or/etc/apache2/sites-available/the directory..confFile configuration of reverse proxy. First ensuremod_proxyandmod_proxy_http等相关模块已启用。
<VirtualHost *:80> # 监听HTTP请求,建议重定向到HTTPS
ServerName admin.yourdomain.com # 替换为您的后台域名
# 可选:将所有HTTP请求重定向到HTTPS
# Redirect permanent / https://admin.yourdomain.com/
</VirtualHost>
<VirtualHost *:443> # 监听HTTPS请求
ServerName admin.yourdomain.com # 替换为您的后台域名
# SSL 证书配置,请替换为您的实际证书路径
SSLEngine on
SSLCertificateFile /path/to/your_ssl_cert.crt
SSLCertificateKeyFile /path/to/your_ssl_key.key
ProxyRequests Off
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:8001/
ProxyPassReverse / http://127.0.0.1:8001/
<Directory />
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
After saving the configuration, please restart the Apache service to take effect.
Third step: Configure in AnQiCMS backend
The reverse proxy configuration of the web server is complete, you need to log in to the AnQiCMS background management interface. Please use the original background access method (such asyourdomain.com/system/)Login.
Login successfully, navigate to the "Background SettingsIn this page, you will find a configuration item named "Background Domain Address".https://admin.yourdomain.com)Fill in this field completely. Make sure to include the correcthttp://orhttps://Prefix.
Save this setting, AnQiCMS will recognize and start using this new backend domain as the entry point for its management interface.
Step 4: Test access
Complete all the steps above, and you should now be able to access your AnQiCMS backend management interface through the new backend domain (for examplehttps://admin.yourdomain.com/) directly.
To ensure effective enhancement of security, it is recommended that you perform