[BlueOnyx:24982] Re: 5210R: Vsite and User Subdomains revisited - now with SSL

Michael Stauber mstauber at blueonyx.it
Thu Jul 1 14:29:18 -05 2021


Hi all,

Meaulnes recently asked me about how to make a user's /web directory
reachable via Apache again:

>> on the 5209R, users had their own webspace reachable at
>> www.domain.tld/~uname/
>>
>> now on the 5210R, this isn't possible. [...]
>
> The easiest way would be to make uname.domain.tld not a separate Vsite,
> but a subdomain under www.domain.tld itself.

This has been a somewhat bigger issue. In the past we had user-owned
/web spaces available via http(s)://<FQDN>/~<username>/, but we had to
drop that feature due to architectural changes, permission changes,
security issues and whatnot.

So I looked at making user-owned /web space available again as Subdomain
of the Vsite that the user belongs to. This now works and it works
better than ever due to various other changes in Subdomain handling.

Subdomains can now have SSL enabled, provided you request a Let's
Encrypt Cert via the GUI, have the feature "SSL for Subdomains" enabled
*and* include the name of the Subdomain in the "SSL domain aliases"
field while requesting the LE SSL cert.

Or: If you have a wildcard SSL cert from a third party, then you can use
that instead.

Additionally PHP now works correctly for subdomains. It uses the same
PHP settings of the Vsite. However, at this time only using suPHP for
the Vsite will make sure that the PHP scripts of the user run with the
UID of the user of the subdomain. Otherwise the scripts will be run with
the UID of the siteAdmin who is configured under "Web Ownership" of the
Vsite itself.

How to create a Subdomain for a user? Simple: Under "Services" / "Sub
Domains" make sure that the Vsite has the feature Subdomains enabled.

Then go to the page where you edit the details of a Vsite user. For
each user that should have a subdomain tick the checkbox "User Sub
Domain". The user will then find a /web in his home directory to which
he can upload his webpage via (S)FTP, SCP or Rsync. Provided the user
*has* at least 'Chrooted SFTP, SCP or Rsync' access enabled. :p

That should do it.

-- 
With best regards

Michael Stauber
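
Added example, not part of the original post and not BlueOnyx code: a check that every user subdomain is covered by the names in a certificate, either listed individually (the "SSL domain aliases" case) or by a wildcard. It assumes user subdomains are named `<username>.domain.tld`; the SAN text is constructed sample output in the format printed by `openssl x509 -noout -ext subjectAltName`, and `bob` is a made-up user.

```python
import re

def parse_san_dns(openssl_text):
    """Extract DNS names from `openssl x509 -noout -ext subjectAltName` output."""
    return [n.lower().rstrip(".") for n in re.findall(r"DNS:([^,\s]+)", openssl_text)]

def name_matches(hostname, pattern):
    """RFC 6125 style match: '*' is honoured only as the entire leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        # A wildcard covers exactly one label, so label counts must be equal.
        return False
    if pat[0] == "*":
        # Ignore over-broad patterns such as "*.tld".
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def uncovered(hostnames, san_names):
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hostnames
            if not any(name_matches(h, p) for p in san_names)]

# Constructed sample: a cert requested with one subdomain listed as an alias.
ALIAS_CERT_SAN = """X509v3 Subject Alternative Name:
    DNS:domain.tld, DNS:www.domain.tld, DNS:uname.domain.tld
"""
# Constructed sample: a third-party wildcard cert.
WILDCARD_CERT_SAN = """X509v3 Subject Alternative Name:
    DNS:domain.tld, DNS:*.domain.tld
"""
# Assumed naming scheme for user subdomains (hypothetical users).
USER_SUBDOMAINS = ["uname.domain.tld", "bob.domain.tld"]

def report(label, san_text):
    """Print and return the user subdomains that would fail hostname checks."""
    missing = uncovered(USER_SUBDOMAINS, parse_san_dns(san_text))
    print(f"{label}: " + ("all covered" if not missing
                          else "not covered: " + ", ".join(missing)))
    return missing

if __name__ == "__main__":
    report("alias cert", ALIAS_CERT_SAN)
    report("wildcard cert", WILDCARD_CERT_SAN)
```

A subdomain reported as not covered will produce a certificate name mismatch in browsers until the certificate is reissued with that name included.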
