Forum OpenACS Q&A: Multiple domains on same server/ip

The /web/yourserver/tcl directory of the main site is shared with all the
children but each child has their own copies of all the other files.

Last I heard there was a user registration problem with this.

Can it be done? Yes: checkout

• http://www.mydomain.com/
• http://dnsix.namesdirect.com/

Both sites use the same ACS4.2 install. Both use mostly the same set of scripts, but separate template (.adp) directories. Actually they even share a lot of adp files, but with different configurations based on the domain name. This involves quite a lot of hacking on top of acs, and a few changes to the templating system.

For a number of small sites on one OACS4.5b1, only one using OACS, checkout:

• http://segwayfocus.com/
• http://negeen.com/
• http://caffeumbria.com/
• http://zmbh.com/

These sites use my Virtual Abstract Templating module. Caffeumbria is using the templating part at http://caffeumbria.com/blends/. The VAT module is available from http://zmbh.com/vat/

One thing that was possible in the 3.x series of OACS was to use separate database pools per server with my module. This is because my module would set the server parameter, and pools in ACS are pulled from [ns/server/$server/db] and ACS parameters are pulled from [ns/server/$server/acs]. I have not checked it this is still possible in 4.5, probably it is not.

Make sure your web sites are in /web

talli

Jade - I think it was the Fresh Pot but I didn't see the article myself.  Personally I'm surprised that Seattle made the list at all :)

- nsvhr/nssock works. However, I don't like it, because it doesn't proxy, it redirects. For example, if I run a master server on port 80 and slave on 81, a request for http://foo.com/ immediately gets redirected to http://foo.com:81/ This is ugly and really not doing anything more than I could do with a META REFRESH= tag in an index.html page.

- nsvhr/nsunix is buggy. Sometimes it works, sometimes it doesn't...core dumps, etc. Dead end unless someone smarter than I fixes it.

- SQUID seems like it would be an ideal solution, but the documentation and examples for implementing it as a reverse proxy are slim and I gave up trying to get it to work.

- I didn't try any of the tcl-based solutions, as I decided I would prefer a proxy solution giving each domain it's own OACS instance.

- AOLserver4 supposedly has built-in virtual servers. I downloaded the beta, compiled it, installed it, no mention of virtual servers at all that I could find. Dead end.

- Apache works, as advertised. I simply set up an httpd listening on port 80, and used the NameVirtualHost directive as per the examples here: http://httpd.apache.org/docs/vhosts/examples.html This was a last resort for me because It seemed dumb to have to set up two brands of http servers to do what seemed like a simple task, but I guess that's life.

So my final configuration is:

- All domains have DNS entries pointing to the same IP

- Apache listens on port 80 and proxies via VirtualHost

- Each domain has it's own nsd/oacs instance, listening on localhost:81, localhost:82 etc.

This is probably not very scalable, but for me it's going to be a max of maybe half-dozen low traffic domains, and I'm fairly certain it will scale that far at least. On the plus side it is extremely flexible, if a site starts getting lots of traffic it would be trivial to pass all or some of it off to other machines.

For anyone interested here's a psuedo section from my httpd.conf file, everything else in that file is pretty much standard:
NameVirtualHost 1.2.3.4 <VirtualHost 1.2.3.4> ServerAdmin webmaster@domain1.com ServerName domain1.com ServerAlias *.domain1.com ProxyPass / http://localhost:81/ ProxyPassReverse / http://localhost:81/ ErrorLog logs/domain1.com-error_log CustomLog logs/domain1.com-access_log common </VirtualHost> <VirtualHost 1.2.3.4> ServerAdmin webmaster@domain2.com ServerName domain2.com ServerAlias *.domain2.com ProxyPass / http://localhost:82/ ProxyPassReverse / http://localhost:82/ ErrorLog logs/domain2.com-error_log CustomLog logs/domain2.com-access_log common </VirtualHost>
Ivan

I've read the techniques mentioned at https://openacs.org/bboard/q-and-a-fetch-msg.tcl?msg_id=0004TP&topic_id=11&topic=OpenACS. In review of the thread (and linked info):

• technique: Tom Jackson's VAT vhosting module
• notes:
  • multiple sites using 1 AOLserver port sharing the same OpenACS (any version),
  • limited documentation available
• questions: Allows for different templates with each domain under OpenACS 4.5?

• technique: NSVHR hosting with AOLserver
• notes:
  • uses AOLserver as reverse proxy and requires 1 additional AOLserver per domain,
  • each OpenACS site is independent,
  • also integrates with Tom Jackson's VAT technique,
  • apparent future plans include switching the reverse-proxy AOLserver to Apache
• questions: Does patch work for AOLserver 3.4.x? (this technique uses patch with AOLserver3.3ad13)

• technique: Histand's Apache/AOLserver implementation
• notes:
  • uses Apache as reverse proxy and requires 1 AOLserver per domain,
  • each OpenACS site is independent
• questions: Is this the arrangement used at the test servers openacs.hub.org and openacs1.hub.org?

Has anyone tried using Tom Jackson's VAT hosting module in conjunction with OpenACS 4.5's subsite package, so that for example:

domain1.com resolves to domain1.com (the primary is just another instance of subsite)
domain2.com resolves to domain1.com/subsite2/
domain3.org resolves to domain1.com/subsite3/

For clarification purposes, so that resolving occurs without redirects:

domain2.com appears as serving from domain2.com in browser, search engines etc.
domain3.com appears as serving from domain3.com etc. etc.

My understanding of the requirement for multiple instances of AOLserver comes from http://www.theashergroup.com/tag/articles/nsvhr/virtual-hosting-howto.adp#nsvhr-how. For clarity, isn't Tom Jackson's VAT required to share multiple domains with one AOLserver instance, when using nsvhr?

<blockquote>domain1.com resolves to domain1.com (the primary is just another instance of subsite)
</blockquote>

<blockquote>domain2.com resolves to domain1.com/subsite2/
</blockquote>

<blockquote>domain3.org resolves to domain1.com/subsite3/
</blockquote>

The ProxyPass directive in the httpd.conf file takes an url with a wildcard on the end, this can literally be any url, it doesn't have to be a base url. The only restriction is, of course, that you can't redirect to lower-level urls, for example if a page on a virtual domain  served by domain1.com/subsite2/  redirected or even linked to domain1.com/foo you'd have a problem. domain1.com/subsite2/ needs to be designed as if that was the root level.

"If you have OACS installed, that means the request will the be picked up by the request processor. VAT doesn't work with or know about the OACS subsite module"--Tom Jackson

Hmm.. very interesting.. It seems like a contradiction to me, though, because I don't get the underlying principles of your explanation (yet).

From the subsites-requirements page:

"Subsites enable a single OpenACS instance to provide each subcommunity with its own 'virtual website' by assembling OpenACS packages that together deliver a feature set tailored to the needs of the subcommunity" (Vision Statement)

..At an implementation level this is primarily accomplished by having an application "scope" its content to a particular package instance. The request processor then figures out which package_id a particular URL references and then provides this information through the ad_conn api. (System Overview, Para 1)

.."The other piece of the subsite system is a subsite package that provides subsite admins a "control panel" for administering their subsite. This is the same package used to provide all the community core functionality available at the 'main' site which is in fact simply another subsite." (System Overview, para 2)

Since both VAT and subsites work with the request processor, I would imagine either the combination would work as hoped, there would be some kind of fatal error, or the virtual request through the VAT would be ignored by subsites... because it thinks it's a different animal (package_id). Ah ha! Is this what you are stating? If so, any suggestions on how I could get it to listen? Could the VAT recognize multiple package_id(s)?

I can see this application of VAT and subsites used to create a boston.officesite.com, newyork.officesite.com or client1.site.com, client2.site.com, or even mgt350.dotlrn.edu, syscidept.dotlrn.edu etc. etc. Using subsites (with templating) there could be all sorts of pre-made templates setup for creating small-communities on the fly...

[note: disregard question regarding openacs.hub.org etc. A link served from apache points to an AOLserver instance at a different port --I wasn't thinking clearly at that point ;)]

https://www.site.com/mysite/ and https://www.site.com/yoursite/

each from their own separate AOLserver process, simply by using a single www.site.com SSL certificate for both. But if you try to do the same for

https://mysite.site.com/ and https://yoursite.site.com/

it may run fine, but there is no way to do it and still have the SSL certificates match. Does that sound right?

*.site.com is literally that. IOW, if you use site.com, it will show as a bad certificate, but www.site.com or dev.site.com works fine. There are ways around it, but it is something to watch out for.

Also, be prepared to spend $$$

• I am not using 3.3ad I am using 3.4 and the patches don't work.
• Some of my proxies are to other machines which makes it impossible to use nsunix.
• It was easy to setup Apache and I was using Squirrelmail for a client which is really flaky on AOL/php.

I am getting rid of Squirrel so I don't need the overhead and complexity of Apache/PHP.

If I had time I would probably hack the nsvhr module to allow HTTPS, but I have to many other things on my plate. I would love to use a pure AOL solution, but Pound seems lightweight and secure so I am trying it.