[BlueOnyx:15258] Re: SSL change after updates?

Matt James matt at rainstorminc.com
Wed Apr 23 13:35:57 -05 2014


Hello all,

I'm terribly sorry to delay on responding to this.  I honestly didn't see these messages come in and was a little disappointed thinking the discussion never got picked up.  Thanks to all of you for proving me wrong and being awesome! :)

To throw in my 2 cents:

We are doing something similar to Drupal in that we have a database containing all the subdomains the users of our SaaS product have set up -- each customer gets their own subdomain for their site.  So, when you go to a subdomain that doesn't exist, we catch it at the application level rather than the Apache level.

In our setup, we use the vhost include file to add rules allowing Apache to pass through wildcard subdomains.

	Example: /etc/httpd/conf/vhosts/site1.include

		ServerAlias *.domain.com

In DNS, we use the named include file to add a wildcard A record.

	Example: /var/named/chroot/var/named/db.domain.com.include 

		*.domain.com.     in a 123.456.789.0

Both of these workarounds have helped us in the past, but the trick is that the Apache file for SSL no longer lets through the wildcard traffic.

Ideally, we'd love for the BlueOnyx admin to allow for wildcard host names, but if that's a big issue, we'd be OK to use the include file method I described above.  I.e., if the SSL vhost file that gets generated by BlueOnyx would give us a way to insert our own custom vhost include file, we could probably figure it out from there.  The main issue is that we just don't have control in that stack right now.

Does that make sense?

Thanks again to all of you -- sorry to drum up an old topic.  It's still something we'd love to figure out.

--
Matt James
RainStorm, Inc
(207) 866-3908 x54

On Mar 28, 2014, at 6:48 AM, gkuhnert at compassnetworks.com.au wrote:

> 
> 
> Sent from my iPad
> 
>> On 28 Mar 2014, at 1:53, "Michael Aronoff" <maronoff at gmail.com> wrote:
>> 
>> Eric wrote:
>>> Bind can use wildcards.  
>> 
>> Keep in mind that if you use wildcard the way you propose people could start
>> using unauthorized links to your sites.
>> 
>> Say you run company.com, someone could use a link like assholes.company.com
>> or crap.company.com and those links would work!
> 
> Not totally correct. One implementation I have seen on Drupal presents a totally different site for each subdomain. If a hostname does not exist, it does a 403 type error. Basically, it moves the vhost configuration layer into Drupal.
> 
> Regards,
> Greg.
> 
> 
> _______________________________________________
> Blueonyx mailing list
> Blueonyx at mail.blueonyx.it
> http://mail.blueonyx.it/mailman/listinfo/blueonyx
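
An added example, not part of the original thread or of BlueOnyx: a sketch of the application-level check discussed above, where Apache passes every `*.domain.com` request through and the application answers 403 for any hostname that is not in its tenant table. The table layout, the function names and the tenants `acme` and `widgets` are assumptions constructed for illustration.

```python
import re
import sqlite3

BASE_DOMAIN = "domain.com"  # placeholder domain used in the thread
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one DNS label

def make_tenant_db(names):
    """Constructed in-memory stand-in for the database of customer subdomains."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tenants (subdomain TEXT PRIMARY KEY)")
    db.executemany("INSERT INTO tenants VALUES (?)", [(n,) for n in names])
    return db

def tenant_for_host(host_header, db):
    """Return the tenant label for a Host header, or None if not provisioned."""
    if not host_header:
        return None
    host = host_header.strip().lower()
    # Drop an optional :port, then a trailing dot (absolute DNS form).
    if re.search(r":\d+$", host):
        host = host.rsplit(":", 1)[0]
    if host.endswith("."):
        host = host[:-1]
    suffix = "." + BASE_DOMAIN
    if not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    # Exactly one well-formed label: rejects a.b.domain.com and odd characters.
    if not LABEL_RE.match(label):
        return None
    row = db.execute(
        "SELECT subdomain FROM tenants WHERE subdomain = ?", (label,)
    ).fetchone()
    return row[0] if row else None

def app(environ, start_response, db=None):
    """Minimal WSGI app: 403 for any hostname that is not in the tenant table."""
    db = db if db is not None else DEFAULT_DB
    tenant = tenant_for_host(environ.get("HTTP_HOST", ""), db)
    if tenant is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"Unknown site\n"]
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [("Site for tenant %s\n" % tenant).encode()]

DEFAULT_DB = make_tenant_db(["acme", "widgets"])  # constructed sample tenants
```

The lookup is parameterised and the label is validated before it reaches the database, so the Host header is treated as untrusted input rather than as something Apache has already vetted.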
