The following steps restrict the Mobility Suite's Mobility Manager Admin Console so that it is not published to the internet and is accessible only from the internal network:
1. Modify the '/usr/local/nukona/etc/nginx/conf.d/appstore_cu.conf' file by typing the following command from the Linux Terminal on each Mobility Suite Front End:
vi /usr/local/nukona/etc/nginx/conf.d/appstore_cu.conf
2. Navigate to the end of the file using the 'Down Arrow' or 'Page Down' keys and locate the following fields in the file:
    #
    # Main application
    #
    location ~* ciscoise {
        ModSecurityConfig conf.d/appstore_cu_ciscoise.modsec;
        uwsgi_pass appstore_cu;
    }
    location /acprocessingservice {
        allow 127.0.0.1;
        deny all;
        uwsgi_pass appstore_cu;
    }
    location / {
        uwsgi_pass appstore_cu;
    }
}
3. Press the 'i' key to enter insert mode, then add the following block in the empty space after the '}' character that follows the second 'uwsgi_pass appstore_cu;' entry (that is, between the 'location /acprocessingservice' and 'location /' blocks):
    location /admin {
        allow <intranet IP range>;
        deny all;
        uwsgi_pass appstore_cu;
    }
Below is an example of all these fields filled out:
    #
    # Main application
    #
    location ~* ciscoise {
        ModSecurityConfig conf.d/appstore_cu_ciscoise.modsec;
        uwsgi_pass appstore_cu;
    }
    location /acprocessingservice {
        allow 127.0.0.1;
        deny all;
        uwsgi_pass appstore_cu;
    }
    location /admin {
        allow 127.0.0.1;
        allow 172.19.215.0/24;
        allow 172.19.216.0/24;
        allow 172.19.217.0/24;
        allow 172.19.218.0/24;
        deny all;
        uwsgi_pass appstore_cu;
    }
    location / {
        uwsgi_pass appstore_cu;
    }
}
4. When you have finished editing the file, press the 'Esc' key, type ':wq', and press <Enter> to write the changes to the file.
5. Restart the Mobility Suite daemons on all the Front End servers that were modified by typing in the following command:
/etc/init.d/appcenter-services restart
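The allow/deny list entered in step 3 can be checked offline against sample client addresses. The script below is an added example, not part of the original article or of Mobility Suite; it applies nginx's rule order (rules are checked in sequence and the first match decides) to a constructed copy of the example configuration above. The function names and the tested client addresses are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: location blocks copied from the filled-out example above.
SAMPLE_CONF = """
location /acprocessingservice {
    allow 127.0.0.1;
    deny all;
    uwsgi_pass appstore_cu;
}
location /admin {
    allow 127.0.0.1;
    allow 172.19.215.0/24;
    allow 172.19.216.0/24;
    allow 172.19.217.0/24;
    allow 172.19.218.0/24;
    deny all;
    uwsgi_pass appstore_cu;
}
location / {
    uwsgi_pass appstore_cu;
}
"""

def access_rules(conf, prefix):
    """Return the ordered (action, network) rules of 'location <prefix> { ... }'."""
    block = re.search(r"location\s+" + re.escape(prefix) + r"\s*\{([^}]*)\}", conf)
    if block is None:
        return []
    rules = []
    for action, target in re.findall(r"^\s*(allow|deny)\s+([^;\s]+)\s*;", block.group(1), re.M):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))  # net None stands for "all"
    return rules

def is_allowed(rules, client_ip):
    """Apply rules in order; the first match decides, and no match means allowed."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action == "allow"
    return True

if __name__ == "__main__":
    rules = access_rules(SAMPLE_CONF, "/admin")
    for ip in ("127.0.0.1", "172.19.216.40", "172.19.219.7", "203.0.113.25"):  # constructed clients
        print(ip, "allowed" if is_allowed(rules, ip) else "denied (403)")
```

The address evaluated is the one nginx sees as the client, so the result only reflects real access if requests reach the Front End with their original source address.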
Once the daemons have started back up, test the connectivity to the Admin Portal through a web browser. If it succeeds, then you will see the following page appear on any /admin/ page: