I am creating software that allows users to either have their own custom subdomain (e.g: theirsubdomain.mydomain.com) or point a CNAME from their own domain to my website address (e.g: theirsubdomain.theirdomain.com).
I've contacted my host about this and the first subdomain option is cool. They will set-up a wilcard subdomain script for me...
The CNAME they said I can't do automatically. I will have to manually go into my account and add the domain to point to my website address otherwise apache wont now where to look for the files.
Is this common practice or is there a way around this that is automated?
The issue is the HTTP header. When you request a Web page the browser sends a request that starts out with:
GET /mypage.html HTTP/1.1
Host: www.mysite.com
The Host item allows a single Web server to serve pages for multiple domains. By looking at the Host, the server knows that mypage.html should come from its stored files for mysite.com, and not from the files of myothersite.com which is on the same server.
I am guessing your site is on a shared Web server at your host company, and they use this functionality to differentiate between requests for your site and requests for other sites that sit on that same virtual box. Some of these virtual hosts, like HostGator, will allow you to specify other domains that should be accepted on this Host line and where the returned documents should come from. This often is a more premium service offered by companies. For example on HostGator they say "The Baby and Business hosting plans allow for unlimited domains to be hosted on just one single account", however the basic Hatchling plan does not allow this.
If you have your own rented machine, with your own installation of Apache, you can manage the processing of this HTTP header information yourself. Apache supports virtual hosts, see the following documentation: http://httpd.apache.org/docs/2.2/vhosts/
So basically, you have to have some way to tell Apache (or whatever server you are using) that the files for a particular Host value corresponds to the same files for your domain, since a single Apache server may be providing files hundreds of different domains. If you are not administering your own Apache server, to where you can set up virtual hosts as shown in the documentation, the hosting service would have to provide some custom way to get this information to Apache.
Related
I'll get straight to the point.
I have bought a domain. I want to host it on my computer, maybe on a raspberry pi since only 50 persons/month will visit it.
Anywhere I've looked I see two hosting methods, using IIS/WAMP/XAMPP to only create a localhost website or adding the domain to C:\Windows\System32\drivers\etc\hosts.txt that is also... localhost.
What is the magic answer here? How can I host LIVE a website with the domain that I have bought? Am I stuck to using a hosting service? Am I missing something really important?
using IIS/WAMP/XAMPP to only create a localhost website
You need an HTTP server if you want to host a website. It needs to run on the computer you want to host the website from.
adding the domain to C:\Windows\System32\drivers\etc\hosts.txt
That's what you do as a poor man's solution instead of buying a domain name.
The Domain Name needs to be associated with a DNS server (and secondary DNS server) by your registrar.
Usually, a registrar will provide DNS hosting services as part of the deal.
The DNS server needs an A record pointing at the IP address of the computer running the web server. This IP address needs to be available to whomever is going to visit it (which almost certainly needs to be public facing) and should be static (unless you want to play games with very short TTL values and frequent reconfiguration of the DNS servers).
If you plan to host multiple different websites on the same server, you'll probably want to configure the HTTP server software to handle Virtual Name Hosting (whereby it pays attention to the Host header in the request and dynamically serves different content based on it)
Scenario
We have a multi-tenant SaaS application deployed on a VM hosted with a service provider. We have multiple domains pointing to this VM (let us call them abc.com and xyz.com). Each of our tenant gets a unique sub-domain URL from one of these domains.
In our IIS installation no domains are explicitly defined - as a result, when a request hits the IIS, as no domains are defined, all requests are automatically routed to the default site.
With this arrangement, we are able to serve a any number of sub-domains for each of the primary domains pointing to the VM without having to explicitly create these sub-domains. For example, t1.abc.com, t2.abc.com, t3.xyz.com, t4.xyz.com are all served by our application without having to create these sub-domains in IIS instance.
In our application, when we get the request, by checking the requested URL, we can easily identify the tenant from which the request is coming. All further data access is automatically restricted to the data created by the particular tenant.
Issue
We need to provide secure communication to all our application users through SSL. We can purchase wildcard SSL for each of the domains (viz abc.com, xyz.com). Now the issue is, how do we deploy multiple SSLs on a single website/application defined in IIS?
This will require us to have two separate sites defined in IIS for abc.com and xyz.com. Unfortunately, these will not be "catch-all" sites for the corresponding sub-domains. By default, IIS allows only one "catch-all" site.
From what I understand from some of the posts, we can have multiple "catch-all" site (for separate domains) in IIS, provided each of them is bound to a separate IP address. Though I could not find any document providing the steps for the same. Can someone point me to the document / steps for doing this?
It is not necessary to have 2 separate boxes for abc.com and xyz.com domains. You can request your CA to combine all DNS records into single SSL certificate with all required Subject Alternative Names SAN.
We also ran into this problem before and SAN certificate worked really well with our multi-tenant configuration. I would also recommend to use load balancer like Nginx for SSL offload to serve your client faster and even more secure. In this case you can just point new client to the Load Balancer.
I have one website configured for Windows Server 2012 IIS 8. This one website can be accessed by xyz.com or abc.com (2 different top level domain names). Is it possible to configure SSLs for both?
Yes. You can configure two different domains with two different certificates for the same IP and port no(443). After providing the domain name in Binding, enable check box Require Server Name Identification(IIS8). If you do not enable this check box, two websites will have the same single certificate, if you change one website binding file, it will reflect in other website also.. I have experienced.
Please refer below link.
http://www.orcsweb.com/blog/fred/host-different-ssls-on-one-ip-with-iis-8-sni/
As Windows Azure web site is powered by IIS, you can see from the offerings that it is possible to bind multiple SSL to a single site,
http://azure.microsoft.com/en-us/pricing/details/web-sites/#web-sites
The trick is to use SNI,
http://www.iis.net/learn/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability
Yes you can add multiple https bindings each with their own separate ssl certificate to the same site in IIS. However you'll want to bind them to separate IP addresses so that the certificate for xyz.com is bound using the IP address for xyz.com, and the certificate for abc.com is bound using the IP address for abc.com. But frankly, it'd be better practice to have one redirect to the other, or just make 2 sites in IIS and keep everything separate.
I am trying to log DNS "leaks", in other words the DNS servers used by visitors to my web site.
How does one figure out which DNS server a web request came from to my server (i.e. the getting DNS leaks). This website dnsleaktest.com does it, it knows which DNS server I am coming from? How? It should only be able to know some stats about my browser, and maybe the HTTP referer. How does it know my DNS server?
What is being exploited, used? Or what is the traffic flow from my browser to this server, and where in that flow is dnsleaktest able to get this information?
That's not that easy.
What dnsleaks probably does - they have their own authoritative DNS server, javascript on their websites queries various randomly-generated subdomains of their domain, and on their DNS server they monitor where requests to those randomly-generated subdomains come from.
To do it, you need some domain hosted on your own DNS servers (not servers provided by your registrar or a hosting provider). You need to monitor queries to this server - can be done if you parse your DNS server logs or have your own DNS server software, or if your DNS server provides some API hooks to see the incoming requests. Then you write a script for your sites which queries various subdomains, and tells server-side script on your website which subdomain requests it should monitor. The server-side script in turn talks to the DNS server.
All the above is an unverified guess. I see no other way to do it.
I have been attempting to set up magento on a shared hosting server that doesn't support innoDB, ergo its not been possible. The domain I want to use has also been registered with this rubbish hosting provider. (one[dot]com for anyones reference). So I thought I would be able to point this domain to a different hosting provider that DOES support it, but one[dot]com doesnt allow me to change nameservers for the domain. They just said this:
You can only setup IP address, CNAME and web forwarding in our DNS settings but not change of nameservers
Would there be any way to change any of these settings or the .htaccess file so that, for example
http://www.mydomain.com/folder/page.php?query=string
Would display a page from the other server
http://xxx.xxx.xxx:xx/folder/page.php?query=string
I've created loads of sits doing all sorts but never really needed to other with the domain administration side of things.
You don't need to change name servers to map a domain to a different server. If the "good" provider supports it (i.e. allows you to register a domain on the server that isn't hosted by the company), just switch the A and MX records to the new server's IP address.
You do need the cooperation of the "good" provider for this, though.
If they're letting you set up the IP address, then setting the IP address of www.mydomain.com to xxx.xxx.xxx.xx should do the trick. On the other server, you'll need its webserver to be set up to serve www.mydomain.com as a virtual domain - if you're using a hosting provider they should do this for you; if not it should be fairly easy to set up (consult the manual of whichever web server software you're using).