Web Services#
On a web proxy node only, Self-service and admin Web services can be disabled, re-enabled and listed if required. The task should be carried out after provisioning and if the Admin Portal or Self-service GUI for example needs to be disabled for security purposes.
Note
It is strongly recommended not to allow customer end-users the same level of administrator access as the restricted groups of provider- and customer administrators. This is why Self-service web proxies as well as Administrator web proxies should be used.
Systems with Self-service only web proxies are only recommended where the system is customer facing, but where the customer does not administer the system themselves.
The commands should be run on the relevant web proxy node. It is not recommended that the commands be run on a standalone single-node cluster system, but only on a multi-node cluster.
In particular, the commands to disable or enable web services will automatically reconfigure and restart the nginx process, so some downtime will result. Request URLs to a disabled service will redirect the user to the active service.
Note
SSO for end-user Self-service is supported when using a shared VOSS web proxy for Admin and Self-service, when using the Admin URL in the SSO setup. Once authenticated in the IdP via that URL, the user is dropped into the end-user Self-service interface (if they are an end user) and access via their role. SSO is not supported when using a dedicated Self-service proxy.
To disable admin or Self-service web services on a web proxy node, run the command on the relevant node:
web service disable <selfservice|admin>
When running
web service disable admin
, all admin portals are disabled.To enable admin or Self-service web services on a web proxy node, run the command on the relevant node:
web service enable <selfservice|admin>
To list disabled web services on an Admin or Self-service web services web proxy node:
web service list
For example:
platform@cscluster1:~$ web service list disable: admin