How to customize the backend domain name of AnQiCMS v2.1.1 to improve security?

As a website operator who is well-versed in AnQi CMS, I am well aware of the importance of website security for content operation.In the ever-changing Internet environment, any bit of security negligence may lead to incalculable losses.AnQiCMS is a corporate-level content management system that focuses on security. The custom backend domain feature introduced in version v2.1.1 is to further strengthen the security protection of the backend management interface, making your website operation more reassuring.

Why is it crucial to customize the backend domain for security?

In website operation, the security of the background management interface is the core of the overall website security. Many content management systems have default background access paths that are open and easy to guess, such as/admin//backendor/systemThis predictability provides an easy entry for malicious attackers and automated scanning tools, who can attempt brute force attacks, find vulnerabilities, and thereby steal data or destroy websites.

By customizing the backend domain, you can redirect the backend entry from a common, predictable URL path to a completely independent and unrelated domain.This is like setting up a secret entrance for your management office instead of using the main entrance that everyone knows.It greatly increases the difficulty for attackers to find the backdoor, providing an additional 'invisibility' protection for your website management interface, thereby effectively improving the overall security of the website.

Custom backend domain feature in AnQiCMS v2.1.1

AnQiCMS has officially introduced the custom backend domain feature in its v2.1.1 version.This update aims to provide users with more flexible and secure backend management options, reflecting the AnQiCMS team's continuous attention and investment in system security.By simple configuration, AnQiCMS users can now easily distinguish the background access path from the front-end, enjoying a higher level of security protection.

Detailed steps to implement custom backend domain in AnQiCMS v2.1.1

To enable and configure the AnQiCMS custom backend domain feature, you need to complete the following key steps:

Step 1: Parse the new backend domain

Before starting the AnQiCMS internal configuration, you need to select a separate domain name or subdomain for your backend management interface, for exampleadmin.yourdomain.comorcms.yourdomain.net. Choose a domain that is not directly related to the front-end business to further improve security.

After selecting a domain name, please go to your domain registrar or DNS service provider's management interface and point this new domain or subdomain to the IP address of the server where AnQiCMS is deployed.Generally, this involves adding an A record. Ensure that the DNS record has been correctly activated and completed its global propagation, which may take a few minutes to a few hours.

Step 2: Configure the Web server reverse proxy.

Whether you use Nginx or Apache as your web server, you need to configure a reverse proxy to correctly forward all requests sent to the new backend domain to the port where the AnQiCMS application is actually running (AnQiCMS is running by default on8001Port).

Nginx Server Configuration Example:

In your Nginx configuration file (usually located in/etc/nginx/conf.d/or/etc/nginx/sites-available/directory under some.confFile), add a new one for your new backend domainserverBlock. Please replace it with your actual backend domain and configure an SSL certificate as needed to enable HTTPS.admin.yourdomain.comReplace it with your actual backend domain, and configure an SSL certificate as needed to enable HTTPS.

server {
    listen 80; # 监听HTTP请求，建议重定向到HTTPS
    server_name admin.yourdomain.com; # 替换为您的后台域名

    # 可选：将所有HTTP请求重定向到HTTPS
    # return 301 https://$host$request_uri;
}

server {
    listen 443 ssl; # 监听HTTPS请求
    server_name admin.yourdomain.com; # 替换为您的后台域名

    # SSL 证书配置，请替换为您的实际证书路径
    ssl_certificate /path/to/your_ssl_cert.crt;
    ssl_certificate_key /path/to/your_ssl_key.key;

    location / {
        proxy_pass http://127.0.0.1:8001; # AnQiCMS 默认运行端口
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

After saving the configuration, please make sure to restart the Nginx service to make the changes take effect.In the environment based on the Baota panel, you can find the Nginx configuration and restart options in the website management interface.

Apache server configuration example:

For the Apache server, you need to be in the virtual host configuration file (usually located in/etc/httpd/conf.d/or/etc/apache2/sites-available/Under the directory.confConfigure reverse proxy. First make suremod_proxyandmod_proxy_httpmodules are enabled.

<VirtualHost *:80> # 监听HTTP请求，建议重定向到HTTPS
    ServerName admin.yourdomain.com # 替换为您的后台域名
    # 可选：将所有HTTP请求重定向到HTTPS
    # Redirect permanent / https://admin.yourdomain.com/
</VirtualHost>

<VirtualHost *:443> # 监听HTTPS请求
    ServerName admin.yourdomain.com # 替换为您的后台域名

    # SSL 证书配置，请替换为您的实际证书路径
    SSLEngine on
    SSLCertificateFile /path/to/your_ssl_cert.crt
    SSLCertificateKeyFile /path/to/your_ssl_key.key

    ProxyRequests Off
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8001/
    ProxyPassReverse / http://127.0.0.1:8001/

    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

After saving the configuration, please restart the Apache service to make the changes take effect.

The third step: Configure in the AnQiCMS backend

After the reverse proxy configuration of the web server is completed, you need to log in to the AnQiCMS admin dashboard. Please use the original backend access method (such asyourdomain.com/system/Log in.

After successful login, navigate to the left menu item "Background Settings", then click "Global Feature Settings".On this page, you will find a configuration item named "background domain address".Please enter the new domain name you parsed and used for reverse proxying (such ashttps://admin.yourdomain.comPlease fill in this field completely. Make sure to include the correcthttp://orhttps://prefix.

After saving this setting, AnQiCMS will recognize and start using this new backend domain as the entry point for its management interface.

Step 4: Test Access

After completing all the steps above, you should now be able to access your AnQiCMS admin panel via the new backend domain (for examplehttps://admin.yourdomain.com/) directly access your AnQiCMS admin panel.

To ensure safety has been effectively improved, it is recommended that you perform