Subdomains treated almost as domains...

P

panosru

Verified User
Joined
Oct 8, 2006
Messages
70
Location
Greece
Hello, before I start I'm aware of this post,

My request is that subdomains should be isolated from the domains and not be just a folder under public_html folder.

A case of example, I create subdomain.example.com and I don't want it to be accessible from example.com/subdomain

A more realistic case as a web developer I build RIA apps where lot of times I need something like api.example.com sso-auth.example.com etc

if we say that 1 RIA app has the following structure:

Code: 
root/
    libraries/
    src/
    public_html/

Then if we say that we have the following domain / subdomains: example.com, api.example.com and sso-auth.example.com we will have this structure (I exclude folders like private_html public_ftp etc since they are not needed in this example):

Code: 
example.com/
    public_html/
        api/
        sso-auth/

With the above we will be able to access our main application from example.com domain, our API container from api.example.com and example.com/api and our sso authentication system from sso-auth.example.com and example.com/sso-auth

What we end up is double log and statistic records because of the way subdomains treated but the worst is that we end up with this structure:

Code: 
example.com/
    libraries/
    src/
    public_html/
        api/
            libraries/
            src/
            public_html/
        sso-auth/
            libraries/
            src/
            public_html/

So where is the problem with this structure? from security perspective folders like libraries and src should not be under public folder for any reason so having those folders under public folder is a great security risk. From architecture perspective the document root for any cases should be public_html so the document root for the domain / subdomains should be like this:

example.com -> example.com/public_html
api.example.com -> example.com/public_html/api/public_html
sso-auth.example.com -> example.com/public_html/sso-auth/public_html

The above is actually meaningless since even if subdomains will have their own document root they will be still accessible by their parent domain which is example.com


I could provide more cases in order to prove wrong the current subdomain treatment if you like.

For all the above I know there are ways to change for example customize vhosts, .htaccess files in order to deny example.com/subdomain type access and adding custom document root and etc but the case is to do those things automatically.


From what I though the best way to treat subdomains would be same as domains, for example the following structure I think would be great:

again imagine we have example.com, api.example.com and sso-auth.example.com under admin user currently we have this (I exclude the folders admin_backups, Maildir, user_backups, imap or any other folder not related to the example):

Code: 
/home/admin/domains/example.com/public_html/
/home/admin/domains/example.com/public_html/api/
/home/admin/domains/example.com/public_html/sso-auth/

What I suggest is to use this structure:

Code: 
/home/admin/domains/example.com/public_html/
/home/admin/subdomains/api/public_html/
/home/admin/subdomains/sso/public_html/

and a full structure would be something like this:

Code: 
/home/admin/admin_backups/
/home/admin/domains/example.com/
/home/admin/domains/example.com/private_html
/home/admin/domains/example.com/public_ftp
/home/admin/domains/example.com/public_html
/home/admin/domains/example.com/logs
/home/admin/domains/example.com/stats
/home/admin/subdomains/api/private_html
/home/admin/subdomains/api/public_ftp
/home/admin/subdomains/api/public_html
/home/admin/subdomains/api/logs
/home/admin/subdomains/api/stats
/home/admin/subdomains/sso-auth/private_html
/home/admin/subdomains/sso-auth/public_ftp
/home/admin/subdomains/sso-auth/public_html
/home/admin/subdomains/sso-auth/logs
/home/admin/subdomains/sso-auth/stats
/home/admin/Maildir/
/home/admin/user_backups/
/home/admin/imap/
/home/admin/imap/example.com
/home/admin/imap/api.example.com
/home/admin/imap/sso-auth.example.com
/home/admin/public_html -> /home/admin/domains/example.com/public_html

I'm sure some people with argue with me that the above will ad a complexity which for those who will argue with me is not needed but I insist that is needed, just think about the fact that internet is not like 5 - 10 years ago just a bunch of html/php pages with some css, js and images in it, things have changes, check around not only php frameworks use architectures like MVC, DDD, CQRS but also we have js mvc frameworks (check backbone etc) we have css frameworks like compass-style with a proper structure what I mean is that nowadays web applications follow some structures that are proven to be working and developers follow those structures to architect their projects better, developers are not related to server administration or stuff like that they won't do any vhost configurations or any extreme .htaccess files they will do what they know best and this is not server configuration :)


And to conclude one thing more (you can take is as extra feature) is to give the ability up-on domain or subdomain creation to specify custom document root in case we don't want public_html as a name but we need for example public, or web or front etc to be able to do so :)
 
Last edited:
I actually like this request, i would very prefer to have the ability to "divide" for example domain.tld/forum from forum.domain.tld.

There is still not an official way or this feature and i would like that aswell.

But for now, take a look on a workaround ive used time ago and was working (not using anymore cause i prefer a da standard for that).

virtual_host2_sub.conf
Code: 
|?DOCROOT=`HOME`/domains/`SUB`/public_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/|
<VirtualHost |IP|:80 |MULTI_IP|>
|CUSTOM|
|?CGI=ScriptAlias /cgi-bin/ `DOCROOT`/cgi-bin/|
        ServerName www.|SUB|.|DOMAIN|
        ServerAlias www.|SUB|.|DOMAIN| |SUB|.|DOMAIN| |SERVER_ALIASES|
        ServerAdmin |ADMIN|
        DocumentRoot |DOCROOT|
        |CGI|

        |USECANONICALNAME|

        SuexecUserGroup |USER| |GROUP|

        CustomLog /var/log/httpd/domains/|DOMAIN|.|SUB|.bytes bytes
        CustomLog /var/log/httpd/domains/|DOMAIN|.|SUB|.log combined
        ErrorLog /var/log/httpd/domains/|DOMAIN|.|SUB|.error.log
        <Directory |DOCROOT|>
                Options +Includes -Indexes
|*if CLI="1"|
                php_admin_flag engine |PHP|
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode |SAFE_MODE|
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
|*endif|
|*if OPEN_BASEDIR="ON"|
                php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if SUPHP="1"|
                suPHP_Engine |PHP|
                suPHP_UserGroup |USER| |GROUP|
|*endif|
        </Directory>
|HANDLERS|
|MIMETYPES|

</VirtualHost>

virtual_host2_secure_sub.conf
Code: 
|?CGI=ScriptAlias /cgi-bin/ `HOME`/domains/`SUB`/public_html/cgi-bin/|
|?DOCROOT=`HOME`/domains/`SUB`/private_html|
|?OPEN_BASEDIR_PATH=`HOME`/:/tmp:/var/tmp:/usr/local/lib/php/|
<VirtualHost |IP|:443 |MULTI_IP|>
|CUSTOM|
        SSLEngine on
        SSLCertificateFile |CERT|
        SSLCertificateKeyFile |KEY|
        |CAROOT|

        ServerName www.|SUB|.|DOMAIN|
        ServerAlias www.|SUB|.|DOMAIN| |SUB|.|DOMAIN| |SERVER_ALIASES|
        ServerAdmin |ADMIN|
        DocumentRoot |DOCROOT|
        |CGI|

        |USECANONICALNAME|

       SuexecUserGroup |USER| |GROUP|

        CustomLog /var/log/httpd/domains/|DOMAIN|.|SUB|.bytes bytes
        CustomLog /var/log/httpd/domains/|DOMAIN|.|SUB|.log combined
        ErrorLog /var/log/httpd/domains/|DOMAIN|.|SUB|.error.log

        <Directory |DOCROOT|>
                Options +Includes -Indexes
|*if CLI="1"|
                php_admin_flag engine |PHP|
                <IfModule !mod_php6.c>
                        php_admin_flag safe_mode |SAFE_MODE|
                </IfModule>
                php_admin_value sendmail_path '/usr/sbin/sendmail -t -i -f |USER|@|DOMAIN|'
|*endif|
|*if OPEN_BASEDIR="ON"|
                php_admin_value open_basedir |OPEN_BASEDIR_PATH|
|*endif|
|*if SUPHP="1"|
                suPHP_Engine |PHP|
                suPHP_UserGroup |USER| |GROUP|
|*endif|
        </Directory>
|HANDLERS|
|MIMETYPES|

</VirtualHost>

subdomain_create_pre.sh
Code: 
#!/bin/sh

ORIG_PUB_SUB_PATH="/home/$username/domains/$domain/public_html/$subdomain"
ORIG_PRV_SUB_PATH="/home/$username/domains/$domain/private_html/$subdomain"
BK_SUB_PATH=/home/$username/domains/$domain/public_html/$subdomain_bk"
BK_PUB_SUB_PATH=$BK_SUB_PATH/public_html"
BK_PRV_SUB_PATH=$BK_SUB_PATH/private_html"

if [ -d /home/$username/domains/$domain/public_html/$subdomain ]; then

        mkdir $BK_SUB_PATH
        mkdir $BK_PUB_SUB_PATH

        mv $ORIG_PUB_SUB_PATH/* $BK_PUB_SUB_PATH/

        if [ -d /home/$username/domains/$domain/private_html/$subdomain ]; then

                mkdir $BK_PRV_SUB_PATH
                mv $ORIG_PRV_SUB_PATH/* $BK_PUB_SUB_PATH/

        fi

else

        if [ -d /home/$username/domains/$domain/private_html/$subdomain ]; then

                mkdir $BK_SUB_PATH
                mkdir $BK_PRV_SUB_PATH
                mv $ORIG_PRV_SUB_PATH/* $BK_PUB_SUB_PATH/
        fi

fi

subdomain_create_post.sh
Code: 
#!/bin/sh

ORIG_PUB_SUB_PATH="/home/$username/domains/$domain/public_html/$subdomain"
ORIG_PRV_SUB_PATH="/home/$username/domains/$domain/private_html/$subdomain"
SUBDOMAIN_PATH="/home/$username/domains/$domain/$subdomain"
BK_SUB_PATH=/home/$username/domains/$domain/public_html/$subdomain_bk"
BK_PUB_SUB_PATH=$BK_SUB_PATH/public_html"
BK_PRV_SUB_PATH=$BK_SUB_PATH/private_html"

mkdir -m 711 $SUBDOMAIN_PATH
mkdir -m 750 $SUBDOMAIN_PATH/public_html
mkdir -m 755 $SUBDOMAIN_PATH/public_html/cgi-bin
mkdir -m 750 $SUBDOMAIN_PATH/private_html
mkdir -m 755 $SUBDOMAIN_PATH/private_html/cgi-bin
mv $ORIG_PUB_SUB_PATH/* $SUBDOMAIN_PATH/public_html/
mv $ORIG_PUB_SUB_PATH/* $SUBDOMAIN_PATH/private_html/
chown -R $username:$username $SUBDOMAIN_PATH
rm -rf $ORIG_PUB_SUB_PATH/*
rm -rf $ORIG_PRV_SUB_PATH/*

if [ -d $BK_SUB_PATH ]; then

        if [ -d $BK_PUB_SUB_PATH ]; then

                mv $BK_PUB_SUB_PATH/* $ORIG_PUB_SUB_PATH/
                chown -R $username:$username $ORIG_PUB_SUB_PATH

        fi

        if [ -d $BK_PRV_SUB_PATH ]; then

                mv $BK_PRV_SUB_PATH/* $ORIG_PRV_SUB_PATH/
                chown -R $username:$username $ORIG_PRV_SUB_PATH

        fi

        rm -rf $BK_SUB_PATH

fi

subdomain_delete_pre.sh
Code: 
#!/bin/sh

ORIG_PUB_SUB_PATH="/home/$username/domains/$domain/public_html/$subdomain"
ORIG_PRV_SUB_PATH="/home/$username/domains/$domain/private_html/$subdomain"
BK_SUB_PATH=/home/$username/domains/$domain/public_html/$subdomain_bk"
BK_PUB_SUB_PATH=$BK_SUB_PATH/public_html"
BK_PRV_SUB_PATH=$BK_SUB_PATH/private_html"

if [ -d /home/$username/domains/$domain/public_html/$subdomain ]; then

        mkdir $BK_SUB_PATH
        mkdir $BK_PUB_SUB_PATH

        mv $ORIG_PUB_SUB_PATH/* $BK_PUB_SUB_PATH/

        if [ -d /home/$username/domains/$domain/private_html/$subdomain ]; then

                mkdir $BK_PRV_SUB_PATH
                mv $ORIG_PRV_SUB_PATH/* $BK_PUB_SUB_PATH/

        fi

else

        if [ -d /home/$username/domains/$domain/private_html/$subdomain ]; then

                mkdir $BK_SUB_PATH
                mkdir $BK_PRV_SUB_PATH
                mv $ORIG_PRV_SUB_PATH/* $BK_PRV_SUB_PATH/
        fi

fi

subdomain_delete_post.sh
Code: 
#!/bin/sh

rm -rf /home/$username/domains/$domain/$subdomain
ORIG_PUB_SUB_PATH="/home/$username/domains/$domain/public_html/$subdomain"
ORIG_PRV_SUB_PATH="/home/$username/domains/$domain/private_html/$subdomain"
BK_SUB_PATH=/home/$username/domains/$domain/public_html/$subdomain_bk"
BK_PUB_SUB_PATH=$BK_SUB_PATH/public_html"
BK_PRV_SUB_PATH=$BK_SUB_PATH/private_html"

if [ -d $BK_SUB_PATH ]; then

        if [ -d $BK_PUB_SUB_PATH ]; then

                mkdir $ORIG_PUB_SUB_PATH
                mv $BK_PUB_SUB_PATH/* $ORIG_PUB_SUB_PATH/
                chown -R $username:$username $ORIG_PUB_SUB_PATH

        fi

        if [ -d $BK_PRV_SUB_PATH ]; then

                mkdir $ORIG_PRV_SUB_PATH
                mv $BK_PRV_SUB_PATH/* $ORIG_PRV_SUB_PATH/
                chown -R $username:$username $ORIG_PRV_SUB_PATH

        fi

        rm -rf $BK_SUB_PATH

fi

Those are the custom templates (first 2) and custom scripts (last 4) for have the subdomain stored in /home/USER/domains/DOMAIN/SUBDOMAIN.

I took those (and maybe edited a bit) from a post here on forum that i cant find now but maybe with few patience you can find.

Those script will move the folder created by directadmin for subodmian (public_html/subdomain) to the new path and remove those files when you remove the subdomain, Also, will check when removing a subdomain if public_html/subdomain exist, if yes will backup it (cause da will delete it cause is hard-coded) and restore the correct name once subdomain has been deleted (in case you had subdomain forum.domain.tld and another folder called domain.tld/forum that you dont wanna/need to remove when removing the subdomain).

Regarding the placeholder for a subdomain is in version but not ultimated: http://www.directadmin.com/features.php?id=1007

Hope this was helpful.

Regards
 
Hello Andrea, thanks for taking the time to reply on this request and I'm glad you like it, as I told in my first post I'm the webdev guy not too much into servers but I'm trying to learn, I think so far I'm doing good since I understood your reply very well :) Regarding your workaround it seems to be nice :) I did something (not as good as your's example) similar but I did it just for test, as you also mention I prefer to follow da standards :)

I hope my request will be processed by da in the future so we could have all this functionality by default :)

Also thanks for pointing out a case I haven't though! So in current DA structure you can't have different content in forum.example.com and different content in example.com/forum, this is another case that adds +1 point to this request :) I hope more people will vote for this proposal since so far I haven't found any disadvantage of the structure I proposed :)

Thanks again!
 
I suppose that DA is having some trouble (or should have) on doing this way, if i dont remember bad they explained long time ago why they was not going (yet) to do this soon cause they had to study the solution well for not mess other things (maybe count or stats or dont remember :D).

I hope will be done, but, for sure the solution i gave you will work if that is urgent for you you can use, and, once da staff solve and make this a standard you should easly step-back.

Regards
 
SeLLeRoNe said:
I hope will be done, but, for sure the solution i gave you will work if that is urgent for you you can use, and, once da staff solve and make this a standard you should easly step-back.
Click to expand...

Really appreciate it :)

I hope DA solved the issue you mentioning and thought well so they will be able to implement the request, otherwise I will stick with your solution, I'm sure your post will help lot of people :)
 
Hello Andrea, I tried to use your workaround for this but when I created a subdomain I got this error:

Code: 
Unable to create subdomain
Details
Script output: subdomain_create_pre.sh

Do you have any idea why? Or where to look for more details? :)
 
I got tired of following all the detail but i do have one thing to add...
actually like this request, i would very prefer to have the ability to "divide" for example domain.tld/forum from forum.domain.tld.
Click to expand...
You can do that now. Create forum.domain.tld as a separate domain, and then forum.domain.tld will be separate from example.domain.tld./forum.

Jeff
 
Thanks for the info Jeff, to be honest I didn't knew it :)

So in other words you can use subdomains as domains and you can use a custom httpd command to set your own document root like this: |?DOCROOT=`HOME`/domains/`DOMAIN`/public_html/web| right?

I haven't tested it yet but since you say so... :)
 
@jlasman
Yes jeff but i would prefer to dont give to an user the ability to add the subdomain as new domain...

@panosru
Did you chmod files to 700?

Regards
 
Hello Andrea, sorry for taking so long I had some hard days :)

regarding the chmod, yes chmod is set to 700 for all files and chown diradmin:diradmin for all files as well, still I get the following error when I create subdomains:

Code: 
Unable to create subdomain
Details
Script output: subdomain_create_pre.sh
 
Would be awesome, like plesk has as default. Myself added a extra_host.conf in the apache config include wherein I made things like

<VirtualHost *:80>
ServerName sub.domain.nl
DocumentRoot /home/admin/domains/domain.nl/subdomains/sub
</VirtualHost>

etc... then I made a wildcare * A dns entry. But yes, if this would be the default, awesome :)
 
Paul K said:
then I made a wildcare * A dns entry. But yes, if this would be the default, awesome :)
Click to expand...
Before suggesting default wildcards carefully read this (wikipedia.org) Wikipedia entry. Bottom line is that putting in a wildcard can block other DNS entries from working as you'd expect.

Jeff
 
You must log in or register to reply here.
Back
Top