Forum OpenACS Q&A: Re: How to use/configure Host Node Map

Posted by Torben Brosten on
This thread seems somewhat related: https://openacs.org/forums/message-view?message_id=2910725 but I'm not sure.

I see that there really need to be two parameters like Force_Host_p:

1. Force_Host_p (scope: Server-wide). On user registration, forces all SSL and logged-in connections to the host's main domain (as it does now).

2. Force_Node_p (scope: each site-node or main-site). Forces www.site-node-mapped-domain and site-node-mapped-domain to use one or the other consistently for session continuity with cookies (not implemented).

Does this make sense, or does Ded's code from the referenced thread automatically fix behavior to be consistent with Force_Node_p?

Posted by Richard Hamilton on
Torben,

I have used virtual hosting a lot and over the years have read most of what there is to read about the options.

Leaving aside the outdated stuff, as you probably know Aolserver4.x has the ability to run multiple virtual host sites from a single config.tcl file. This represents a convenient method of keeping all servers within the master Aolserver process and conserves resources.

Advantages are that you can open pools to multiple databases which means that you can keep your clients' data separated at the database level. I think you can also implement logging at the server level. One downside is that you cannot bring any one server down independently without shutting down the whole shooting match.

The host-node map offered a means of mapping a subsite to a domain, but if I understand it correctly it relies on the request processor to do the redirecting. This means that all the reverse proxy logic and the security of the implementation are taking place in the Tcl layer. The only thing preventing a user of one subsite being able to see unrelated data from another subsite is the OpenACS code. Whilst this is probably extremely reliable, there is no backstop if you know what I mean.

Also, if the aolserver process hangs up, or is busy, or has maxed-out on requests for some reason, ALL your sites are down rather than just one. You can't re-start just one site without bringing everything down. If you suffer some data corruption it affects all sites. If you want to implement https listeners for every subsite, you'll have to hack the openssl code in OpenACS because at the moment it doesn't support multiple listeners as per the nsopenssl spec.

http://www.rubick.com/openacs/easy_virtual_hosting

I have had a look for some of the docs I have read in the past, and many of them have vanished!

Personally, I use Pound reverse proxying to separate Aolserver processes to keep everything separate for security reasons (every process runs under a different os user account and os permissions protect each server from the others). For a load of small static sites, or otherwise where security is not an issue, the built-in host-node map should come in handy. I confess that the last time I tried it was in OpenACS 4.6.3 and it didn't work properly! :-|

I don't know if any of this is helpful but I thought I'd post anyway.

Regards
Richard