Split Up Admin and User Logins

Read 5370 times
Any way to split up the admin and user panels and logins, so that they run on separate ports, and can be restricted separately (similar to how cPanel has the WHM and cPanel logins on separate ports)?
Thanks.
Why would this be beneficial? Just curious? In the end, all the database entries are the same with Centova and I'd imagine it would be a massive split.
Stream101 || Affordable Media Solutions
http://www.stream101.com | 877-240-7767
If the login pages are on separate ports, the admin and user login pages can be locked down separately, with separate settings and access for each.
And it wouldn't require any splitting on the backend, just restricting users to log in on one port, and admins on another.
Last Edit: March 07, 2016, 10:34:30 pm by isaacl
All you need is just an good password. Anthing else is too much for centova panel.
That's what they all say... Until something gets hacked, or someone's password is compromised, etc.
That's what they all say... Until something gets hacked, or someone's password is compromised, etc.

How exactly would this feature help if a password is stolen?
Maybe 2FA would help in this case.
How exactly would this feature help if a password is stolen?

Quite simple, since the port can be locked down so the port isn't publicly accessible, and only specific source IPs/dynamic DNS hostnames (I use CSF) can access that port, no one else can get to the admin part, even if they have your password.
I do that with cPanel, where port 2087 isn't accessible to anyone but me, and haven't had any issues.
Maybe 2FA would help in this case.

That would help as well, but I rather not even let others access my admin port to begin with.
Respectfully, this is a bit of a silly request.  Using a separate port for the admin interface adds nothing in terms of security.

If you want to limit admin access by IP, you can do that by editing the nginx configuration in /usr/local/centovacast/etc and restricting access to /admin/ by IP address (or by any other mechanism you deem appropriate).  For this to be useful you'd also need to block access to the API (/api.php) which also accepts the admin credentials.