server.hostdomain.com/~userdomain.com - Possible Solution

V

Vibe

Verified User
Joined
Aug 3, 2005
Messages
124
Hello everyone!

I have been working on a solution for shared SSL for my dedicated server for a while. John from DirectAdmin has been EXTREMELY helpful by suggesting an option to replace server.hostdomain.com/~username with server.hostdomain.com/~userdomain.com. I have seen several posts where others have expressed the desire for this option so I thought I would share what I have thus far (not completely functional yet, but close).

John suggested that I create a user/domain symbolic link table to utilize with the AliasMatch statement in the httpd.conf file (/etc/httpd/conf/httpd.conf).

John suggested the following:

1. Make an aliases directory e.g /etc/httpd/"aliases" (without ""). This directory would contain all the symbolic links that will allow for server.hostdomain.com/~userdomain.com.

2. To create the symbolic links when creating a new domain, add to, or create a script in the /usr/local/directadmin/scripts/ directory called "domain_create_post.sh" - You may have one there already. The script would look like:

#!/bin/sh
ln -s /home/${username}/domains/${domain}/public_html /etc/httpd/aliases/${domain}
exit 0;

When you create a new domain, the symbolic link will automatically appear in your new aliases directory from step 1.

3. Edit the AliasMatch section in your httpd.conf file (/etc/httpd/conf/httpd.conf). You will see two "VirtualHost" sections towards the end (http & https) that have the following line:

AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2

Change the path to point to your new aliases directory in /etc/httpd/aliases:

*** This is where my issue arises :) ***

I have the following:

AliasMatch ^/~([^/]+)(/.*)* /etc/httpd/aliases/$1

After restarting Apache, I enter the URL http://server.hostdomain.com/~userdomain.com in my browser and am taken to a 403 error page (You are not authorized to view this page).

I noticed that the symbolic link in the new aliases directory was user/group = root/wheel (FreeBSD 4.11).

My Apache error log file shows:

Directory index forbidden by rule: /etc/httpd/aliases/~userdomain.com/

Does anyone think that the file permissions need to be changed to make this happen, or is my syntax in the new AliasMatch statement off. This is SO CLOSE to working, I hope someone hops with any suggestions that might work.

P.S.
In case anyone doesn't know by now...the support with DA is FANTASTIC. Over the past few days John has answered my email support requests with extremely detailed suggestions that I know take some time to deal with. DA and the support given are definitely A+ :).
 
We have been using the ~username for some time without any issues. However, for security purposes I would rather not be displaying usernames - better to go with ~userdomain.com. This would definitely be great to implement. Any luck?
 
I have been playing around with the permissions in /etc/httpd/aliases without much success. I think the issue has something to do with the AliasMatch statement in /etc/httpd/conf/httpd.conf:

AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2

I will try some different things with the syntax. However, since my expertise with Apache syntax is nowhere near my beer consumption skill set, it may be a while :p.
 
Have you tried setting username:usergroup of the symbolic links you create in the domain_create_post.sh script to apache:apache or chmod the symbolic link 777 ?

Code: 
#!/bin/sh
ln -s /home/${username}/domains/${domain}/public_html /etc/httpd/aliases/${domain}
chmod 777 /etc/httpd/aliases/${domain}
chown apache:apache /etc/httpd/aliases/${domain}
exit 0;
 
I just tried your suggestion - thank you by the way :)

I added your new lines of code into the script and made a test domain. The symbolic link was created, but for some reason the user:group statement had no effect. I went ahead and manually change the group to apache and even while logged in as root I am unable to change the ownership of the link to apache. Weird???

Thinking that maybe it was a permissions issue on the aliases folder itself, I went ahead and changed these to apache:apache - still no luck.

I tried the link through a browser and received the same 403 error message. Uggg...gotta love troubleshooting :D
 
I'd do it this way:

I would simply create subdirectories under /var/www/html as follows:

example.com.

Can be owned by example.com's username, with permissions of 755.

Then I'd create in each user's public_html directory a link:

# ln -s /var/www/example.com secure

Then tell your users to put their secure site "stuff" in their secure directory.

(Note that all content will have to be in that directory or subdirectories thereof; using links to the main directory structure such as ../images won't work.)

Browsers will have to visit:

https://www.yourlocation.com/example.com/

without the "~" character.

Jeff
 
Thanks Jeff! That sounds like an excellent way to make this happen. I think the permissions are where I am running into problems, which I can see being resolved your way.

However... :)

Several of my clients are using osCommerce so I have set them up to use a single directory "public_html" (vs. public & private) to make things easier as far as updating their catalog/products sections. If I forced them to use two directories I can see where problems would arise (most of my clients are not very experienced in this area).

You have given me an idea that I am going to try out. If it works I will post back to share what I have learned.

Thanks everyone for the assistance!

Michael
 
easy

There is a much easier way and you dont do it on a per user basis.

Login as admin, go to Custom HTTP config.
Choose your secure domain.
Add:

AliasMatch ^/~([^/]+)(/.*)* /home/$1/public_html$2

Cheers
Barry
 
What if you don't want everyone to use it, but instead do want to use it on a per-user basis ;) ?

And what if your secure domain isn't the only domain owned by it's user?

In either cases your suggestion is a bit too simplistic.

Jeff
 
You must log in or register to reply here.
Back
Top