Multi-site configurations can be difficult to manage, as I discussed in "Multiple Drupal sites, one server". One method is to automatically log a user in (as user ID 1, admin) if they come from some secure IP. The theory of operation is pretty straightforward, although my implementation required mod_macro, mod_perl, mod_proxy_html, a custom Drupal module and eventually some minor hacks to the core.

Theory of operation

The basic idea was to obtain gateway access to any site desired without having to know the admin password. Exact site rendering was not considered critical as this was for administration functions only.

  • Create a reverse proxy server in Apache on the same server as the Drupal sites (not required but makes it easier to explain)
  • Secure install.php and update.php scripts so they cannot be accessed outside of the domain
  • Give it a unique DNS name such as fixit.example.com
  • Secure that server via SSL (https) and basic authentication
  • Proxy the first part of the path to a domain of the same name
    • mod_proxy_html is required to properly adjust the internal HTML references
  • A special Drupal module detects the presence of the proxy request and auto-logs the user in as uid 1 (admin).
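
The setup listed above, sketched as Apache 2.4 configuration. This is an added example, not the author's own configuration: the site names, file paths and the 203.0.113.0/24 range are placeholders, and how the Drupal module recognises a proxied request is not described on this page, so that part is left out.

```apache
# Added example (Apache 2.4 syntax); every name, path and address is a placeholder.
# Needs mod_ssl, mod_auth_basic, mod_authz_host, mod_proxy, mod_proxy_http,
# mod_proxy_html, mod_headers and mod_macro.

# One gateway path per supported site. Listing sites explicitly, rather than
# mapping any /<host>/ path with a regex, keeps the gateway from becoming an
# open proxy to arbitrary hosts.
<Macro FixitSite $domain>
  <Location "/$domain/">
    ProxyPass        "http://$domain/"
    ProxyPassReverse "http://$domain/"
    # Rewrite links in returned HTML so they stay under the gateway path.
    ProxyHTMLEnable On
    ProxyHTMLURLMap "http://$domain/" "/$domain/"
    ProxyHTMLURLMap "/" "/$domain/"
    # mod_proxy_html cannot parse compressed responses.
    RequestHeader unset Accept-Encoding
  </Location>
</Macro>

<VirtualHost *:443>
  ServerName fixit.example.com
  SSLEngine on
  SSLCertificateFile    "/etc/ssl/certs/fixit.example.com.pem"
  SSLCertificateKeyFile "/etc/ssl/private/fixit.example.com.key"
  ProxyRequests Off

  # Both conditions must hold: a valid login AND an allowed source address.
  <Location "/">
    AuthType Basic
    AuthName "fixit gateway"
    AuthUserFile "/etc/apache2/fixit.htpasswd"
    <RequireAll>
      Require valid-user
      Require ip 203.0.113.0/24
    </RequireAll>
  </Location>

  Use FixitSite site1.example.com
  Use FixitSite site2.example.com
</VirtualHost>

# Inside each Drupal site's own <VirtualHost>: serve install.php and update.php
# only to connections that originate on this server, which is where the
# gateway's proxied requests come from.
<FilesMatch "^(install|update)\.php$">
  Require local
</FilesMatch>
```

Because anyone who passes the gateway becomes uid 1 on every listed site, the basic-authentication file and the allowed address range are effectively the admin credentials for all of them.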

Additional features

Some additional things become possible now that we have the concept of a SUPER USER (a user that entered through the secure proxy).

  • All systems, even shared, can have normal admin users providing a much more flexible experience
  • Such users can be dynamically limited to specific modules and form pages
    • For example, I dynamically disable (even for admin) any ‘php’-like permissions and the file settings form.
    • Requires a couple of hacks to Drupal core to add additional hooks, especially in user.module
  • I do not intend to contribute these to the Drupal project, although I hopefully will get a chance to share them on this site. The hooks seem of little use outside this unique configuration and may have performance issues (minor if any). Plus my experience with contributions has been a bit unpleasant. So for now I will keep changes local to this site.

End result

The end result is so far working very well although more testing is needed.

  • Users can be admins, so I do not need to do anything extra there.
  • Access to PHP is denied even to admins
  • Anyone that can access the proxy (secured via HTTPS, basic authentication and allowed IPs) is auto-logged in as uid 1 for any supported shared site.
  • Modules can be activated/de-activated as desired within those allowed by the SUPER-USER. The SUPER-USER controls which modules are adjustable via a modified modules page. The settings are stored in a separate server-wide database and apply to all shared users.
  • The SUPER-USER can disable any form (a button appears for every admin form to enable/disable it) and, like modules, these are site wide.

The entire configuration is easily maintained via mod_macro and mod_perl.

Details

Details are pending the experiment being completed and tested and any interest. It is a complex configuration and will take some time to write up.