Web Server Configuration

For PCI compliance, the web server configuration must be installed in a DMZ and separated from the rest of the network so that card holder data would never be on the same part of the lan as the DMZ.

The diagram above shows the flow of data for web sales. The general setup involves:

• A firewall that directs incoming traffic on ports 80 and 443 to the web server from the internet. The web server is configured to elevate all port 80 traffic to use TLS on port 443.
• The web server can be on the same subnet as the firewall (or not, as you wish). This allows:
  • web traffic from the internet on ports 80 and 443
  • provides dynamic load balancing to a number of Theatre Manager Servers and passes web requests to port 5000 on each of those servers
• A TM Server in Services Configuration receives communication on port 5000 and talks back to the web server on internal port 8111 (a separate virtual server) to retrieve custom web pages for merging
• Some configuration of the services in Company Preferences 'Director Tab'

The actual installation of the is described for Macintosh and Windows. While unsupported by Arts Management, you can use Linux if you know how to use apt-get and install and configure NGINX (we can provide a template nginx.conf file for you.

 

The diagram refers to 192.168.1.x for the internal network and is used throughout the documentation as a sample lan addresses. Your IP addresses may be different