Allowing other developers to manage custom development via a web server proxy

Thu, May 30, 2013 at 10:15PM

Today, I realized it is possible to configure my web server to proxy requests through to a remote server, allowing collaboration between multiple developers without causing security concerns.  This would allow the content to appear as if it were on www.clientdomain.com without me having to provide development access to my server.

Update 6/8/2013: I have now completed the work described below to enable Jetendo CMS and Wordpress to be integrated on the same domain, yet hosted on separate servers.  Documentation was posted on the Jetendo CMS web site: https://www.jetendo.com/manual/view/current/3.1/wordpress-integration.html

URL Rewriting still works

The url rewriting can still function with a proxy so that you'd have a URL with variables like this:
/TITLE-APPID-ID.html     or /article/title/1.html, etc

The final URL might look like this:
/custom-page-19-3.html  

Behind the scenes, that would proxy to another server with a URL like this, which would be invisible to robots/users:
http://client.yourdomain.com/custom.php?title=$1&id=$2

You'd override any http header variables in your app like HTTP_HOST to be www.clientdomain.com and REMOTE_ADDR to be the correct IP address so that any generated links and security checks are correct.
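
One way to apply that override in the proxied PHP app (an added example, not code from the original post or from Jetendo CMS): the values are rewritten only when the connection comes from the proxy, because a request sent straight to client.yourdomain.com could carry any headers it likes. The proxy IP address and the X-Forwarded-For header name are assumptions.

```php
<?php
// Added example. The proxy address and the X-Forwarded-For header name are
// assumptions; use whatever your front-end proxy actually sends.
const TRUSTED_PROXY_IPS = ['203.0.113.10'];   // constructed: front-end proxy IP
const PUBLIC_HOST = 'www.clientdomain.com';

// Returns a copy of $server with HTTP_HOST and REMOTE_ADDR overridden, but
// only when the TCP peer is the trusted proxy.
function apply_proxy_overrides(array $server): array
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, TRUSTED_PROXY_IPS, true)) {
        // Direct hit on the backend: forwarded headers are untrusted input.
        return $server;
    }
    $server['HTTP_HOST'] = PUBLIC_HOST;

    // Take the rightmost entry: it is the one the proxy itself appended.
    $parts = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'] ?? ''));
    $client = end($parts);
    if (filter_var($client, FILTER_VALIDATE_IP) !== false) {
        $server['REMOTE_ADDR'] = $client;
    }
    return $server;
}

// Constructed requests: one via the proxy, one sent straight to the backend.
$viaProxy = [
    'REMOTE_ADDR' => '203.0.113.10',
    'HTTP_HOST' => 'client.yourdomain.com',
    'HTTP_X_FORWARDED_FOR' => '10.0.0.1, 198.51.100.7',
];
$direct = [
    'REMOTE_ADDR' => '192.0.2.99',
    'HTTP_HOST' => 'client.yourdomain.com',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
];

foreach (['via proxy' => $viaProxy, 'direct' => $direct] as $label => $req) {
    $out = apply_proxy_overrides($req);
    printf("%-9s host=%s client=%s\n", $label, $out['HTTP_HOST'], $out['REMOTE_ADDR']);
}
```

In the app itself this would run once at the top of the request, as `$_SERVER = apply_proxy_overrides($_SERVER);`, before any link generation or IP-based check.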

Keeping the design synchronized

I could set up publishing of HTML files for the outer template of clientdomain.com, so that the other developer's app could share the same look and stay up to date automatically.  I could use Server Side Includes (SSI) so that the other app only needs to have a few SSI directives in its theme code.

Security

From my perspective there is no security risk for my server when allowing another developer access to the domain via proxy.  The other developer's hosting may get hacked and allow the site to distribute malicious software, but my server itself wouldn't be compromised.  This protects the data on my server.  It may hurt my IP addresses, but that is acceptable.

If the other developer has a static IP, I could further limit access to the Wordpress admin to make it more secure.  Though if they install an insecure plug-in, it could still cause problems on their end.  

One of the nice things about using a proxy to integrate 2 domains is there are no javascript security errors when the domain matches.  So you can do any kind of ajax you want.  You could also share an SSL certificate on both servers since only the host name must match.

Performance

If the hosting the other developer uses is reasonably fast, then it shouldn't be noticeably slower.   I could also enable a proxy cache for those urls so that the content is cached for a period of time so it is very fast after the first request.  I could also give the other developer a way to clear the cache manually if necessary. 

Because the other app would have a nearly empty theme file that just has the SSI directives, the amount of HTML would be very small most of the time.  Additionally, compression between the servers would also improve performance.  Most of the design files / images should be installed on the origin server for the best results.

Easier collaboration

This might be a useful feature for collaborating with other developers in general when they want to use my real estate features, but also do custom programming in another language like PHP.  I could figure out how to integrate WordPress through the proxy if that is what they wanted to use.  The other developer would log in and manage WordPress (or another app) like normal once it is set up.

Integrating both applications more deeply

I could also provide the other developer an example PHP script to allow them to post lead data to my server from their own forms so that the client has one consolidated place to manage their lead data.  The developer could send the data through once it passes their PHP validation with CURL by simply including my PHP script in the right places.  I could also do the opposite and allow posting the lead data from my app to their app - something I've already done before with constantcontact.com.

I also might be able to quickly design a way of generating iframe code so that some of my app's features can be integrated with the other app's pages.  If they want the code to be displayed directly in the source code of the page for SEO benefits, then perhaps they would just embed it with an SSI include instead of an iframe to achieve that.  This makes it able to auto-stretch the page and be more integrated with the current document.  This approach works when my server is the point of origin for the request.  Later, this could be adapted so that the other developer could be the point of origin, but that is more work since I'd need to provide a more thorough API with documentation to allow the integration.

Wordpress as the first fully supported platform

I could give other developers a known to be working copy of Wordpress so that they don't need to understand how it works so much.  They just upload it to their server and do the work they need to do.  Later, I could support other platforms and other languages, so that the number of developers who can benefit from the features of my application is greatly increased.

Enhances Jetendo CMS

I wrote this as a plan for what I want to do with Jetendo CMS in the near future.  Jetendo CMS is written with the CFML language and it works only with Railo 4.  This means many developers won't have the experience or desire to know how to edit and manage the application.  Even if they did, they would still have access to too much information because Jetendo CMS is a multi-tenant application.  One copy of the source code and database powers all of our unique domains.  I can't allow a single developer to access our server to edit the source code for one domain without giving them access to everything we have.

I consider these valuable features of Jetendo CMS, but when you want to collaborate with someone outside your company on development, you need an alternative solution like what is presented in this article.  We have a lot of unique features for real estate search, video and content management, which may help someone build a better web site in less time, yet when they need to do something custom, they need to be able to use the languages and tools they know.

Custom work quickly becomes too much for one person to manage

Because my app doesn't do certain things and I can't find the time to add them, it is sometimes necessary to use different software.  We are often working on custom apps because that's why the client paid extra.  They'd often use a template solution if it were able to be done more simply.  In some cases, you can't avoid writing the whole thing custom if the client wants specific custom features.

However, sometimes a custom interface just needs to post the right fields to an existing piece of software for the data to be collected and then the rest of the system can stay the same.  Like a custom checkout page for specific products that would post to bigcommerce.com.   Relying on existing software reduces the cost to build something and you can ensure this by preventing certain technical things from becoming part of the project before it is sold.

Hardcore web developers might not be very focused on marketing & SEO

I like to work on very difficult programming tasks, so I usually farm out all the marketing and SEO work to others.  Allowing other people to work on my sites is important so that they can do the custom things the client wants and to sell various marketing services that help the client have a complete business solution. 

Sometimes, a CMS content manager isn't enough to empower the marketer to do their job.  They might need to change the outer theme, add custom forms and build new data driven features sometimes for marketing & SEO campaigns.  Sometimes a custom design has these things locked down or the CMS doesn't have support for editing that feature.  

This causes a bottleneck to occur on the developer who built the project and may cause the client and other developer to get impatient since the developer is probably too busy with complex work to stop and do these smaller simple things all the time.  The marketing folks need to be able to do their thing independent of the main developer.

Integration on a single domain is better for SEO and usability

When it comes to SEO, you usually want the content to be on the same domain and not use subdomains.  You also want to be able to retain the same navigation structure and not look like it's 2 different applications.

Making lower budget projects possible

It would be great if we were able to allow clients to buy a cheap WordPress theme that is already built as HTML.  We'd just need to plug in some of my app's widgets and tweak the design a little bit to achieve a low budget project in a profitable way.  You also get to rely on the existing documentation / training resources available for whatever third party software is used to develop the site, so the client may have fewer support issues and feel more in control.

Conclusion

I think this is a great way to have safe collaboration with third party contractors.  This approach allows easy collaboration with outsiders without needing to micromanage how they manage their security.

