Forum OpenACS Development: Re: Multiple DNS and subsites

8: Re: Multiple DNS and subsites (response to 7)

Posted by Iuri Sampaio on 08/23/16 04:04 AM

The solution seems a task for a proxy server but not entirely. I already set up in the Nginx, server settings, to the DNS http://eventeasy.iurix.com to redirect to http://iurix.com/eventeasy/
But, It seems the solution is one step further, in the application level. It requires something similar to example:

The user access eventeasy.iurix.com, OACS core notices the DNS is within hostnode's table, that the triple (eventeasy.iurix.com, 9589839, /eventeasy/)

OACS serves the entire subsite to the user as if it is /

In the worst scenario it would impact url's structure, and that means a core change.

Is there any other possibility?

9: Re: Multiple DNS and subsites (response to 8)

Posted by Benjamin Brink on 08/23/16 04:15 AM

With 5.7, maybe this variation will work for you:

In the past, with oacs-5.5 iirc, I ran multiple oacs sites from one ip address.

Each site was served from a different config.tcl, different port, different oacsroot file and different database; No host-node mapping.

A proxy server (apache proxy?) handled the calls between each domain:80 and each oacs:unique_port (forward and reverse).

If you try this, you might want to set the acs-tcl parameter SuppressHttpPort to 1 (and restart).

cheers,
Ben

10: Re: Multiple DNS and subsites (response to 9)

Posted by Benjamin Brink on 08/23/16 04:22 AM

ps, Know that host-node mapping tends to be unstable between releases. It requires extra time to periodically test and maintain between upgrades, because it is rarely tested before new releases (and apparently rarely used);

In addition to session issues, acs-core changes tend to break templating and some underlying ad_conn behavior used to generate forms, for example.

Proxy is most stable way to go.

12: Re: Multiple DNS and subsites (response to 10)

Posted by Gustaf Neumann on 08/23/16 01:24 PM

The right way to aim for a "stable" host-node mapping is to add tests to the regression test suite (after sorting out, what in detail is expected or not). The host-node mapping is (and was since ever) very limited, but it seems useful as it is for several sites.... but actually, i am not aware of site using it.

A much more general virtual hosting approach is available in NaviServer (run multiple servers from a single nsd process, which might or might not have the same blueprints), but that approach is not integrated with OpenACS, since in OpenACS we try to keep AOLserver compatibility.

All releases of OpenACS are tested thoroughly (regression test, OpenACS installation tests, DotLRN, frequently used packages, ...). In addition, OpenACS.org is running as close as possible on the HEAD release (currently the newest version of the oacs-5-9 branch), so on the 70 packages in use on OpenACS.org, bugs are earlier detected.

If someone finds a bug (in templating, core, ...) please submit a proper bug report, where this issue can be addressed. I am not aware of any changed "ad_conn behavior used to generate forms". Such changes would affect openacs.org substantially. Vague and nebulous statements are not constructive and do not help.

14: Re: Multiple DNS and subsites (response to 12)

Posted by Benjamin Brink on 08/23/16 06:05 PM

I'm sorry; I should have provided more context for my comments about the unstable nature of ad_conn in context of host-node mapping:

Since Uri is using aolserver 4.5, I mentioned our local experience with using host-node mapping with aolserver 4.5 --not naviserver.

site_node::conn_url was developed (in 2009 and submitted to acs-core) in order to work around the inconsistent behavior of ad_conn. It was meant to provide a consistent url depending on if it is called from a main site or when called from a host-node. However, changes in core dependencies caused it to break soon after also. A fix was again provided that worked locally, but it again broke on next release. iirc. CVS browser highlights some of the history and forum discussion on it.

Part of the issue had to do with inconsistent view of the purposes of some of the underlying code between core developers.

The core and maintenance process has matured significantly since then. I'm sure a re-examination and development of regression tests will stabilize the feature into something quite useful. I'll file a bug/suggestion shortly.

@Gustaf,

Yes. Regression tests should be added at some point to stabilize feature(s). I was going to re-visit this and provide regression tests with bug report/suggestion; Alas regression tests are a few months away still.

11: Re: Multiple DNS and subsites (response to 8)

Posted by Dave Bauer on 08/23/16 04:24 AM

Can you describe in a little more detail what you expect to happen?

You can definitely map a domain name to a subsite, and serve that subsite as the root of the mapped domain. Is that what you are trying to do?

You should not need a proxy server, but if you are using one in addition to AOLserver or Naviserver the configuration is more complicated.

13: Re: Multiple DNS and subsites (response to 11)

Posted by Iuri Sampaio on 08/23/16 03:32 PM

Dave,

That's precisely what I'm trying to achieve. To map a domain name (i.e. eventeasy.iurix.com) to a subsite (i.e. /eventeasy), serving the subsite as in eventeasy.iurix.com/ , using a unique OpenACS instance,

The ideal is to not need different AOLServer settings, neither separated OpenACS instances.

You can test the work around I did at http://eventeasy.iurix.com. You'll be redirected automatically to http://iurix.com/eventeasy/. But that has been done by the proxy server, i.e. Nginx.

p.s. I don't know if that is even possible in OpenACS, or even if it is its responsability to do so. But I can foresee this new feature as a parameter of the acs-subsite (/shared/parameters?...), i.e. DomainNameMapping

@Gustaff,

Good to know about Naviserver's virtual approach. Actually I'm thinking to move from AOLServer 4.5 to NaviServer soon. I already have a box runnig it. No problems so far.

@Benjamin,
I agree with Gustaff. Changes within ad_proc ad_conn and templating would have substancial impacts in OpenACS core and even non-core packages. In fact OpenACS is one oif the most stable framework available and there are reasons for that: 1. robust datamodel, 2. well implemented source code TCL and TCLO scripts, 3. regression test, 4. OpenACS installation tests, 4. DotLRN, frequently used packages, and the list goes on...)

15: Re: Multiple DNS and subsites (response to 13)

Posted by Benjamin Brink on 08/23/16 06:17 PM

@Iuri,

There are an abundance of benefits to switching to naviserver and upgrading to oacs-5-9, if the system isn't using ecommerce package.

Here is an example of host-node mapping working as I believe you expect. One of the host-node sites: http://dekka.com which points to subsite: http://or97.net/dekka-com
(It just serves a static page right now; until we re-tackle the various templating / form issues.) No proxy is used.

16: Re: Multiple DNS and subsites (response to 13)

Posted by Benjamin Brink on 08/23/16 06:54 PM

Bug filed:

bug filed: https://openacs.org/bugtracker/openacs/bug?bug_number=3293

cheers,
Ben

17: Re: Multiple DNS and subsites (response to 16)

Posted by Iuri Sampaio on 08/24/16 03:01 AM

Benjamin,

That's exactly what I'm trying to accomplish. It's still not clear to me how to achieve it.

Is hostnode feature on OpenACS 5.7 and AOLServer 4.5 simply broken?

Best wishes

18: Re: Multiple DNS and subsites (response to 17)

Posted by Benjamin Brink on 08/24/16 04:33 AM

That combination may be an issue. iirc when I used aolserver 4.x, either ns_conn or ad_conn would return an empty string *sometimes* in the context of visiting a host-node mappped url on earlier versions of Openacs ( up to about 5.3). One of the local motivations for switching to naviserver was to avoid the chronic issues with aolserver. At some point around 5.6 to 5.8 server level errors increased by a factor of 4.

An incredible amount of refactoring OpenACS has happened since 5.7, incluiding upgrading tcl syntax. Here is a discussion about compatibility matrix of oacs 5.7 and dependencies: https://openacs.org/forums/message-view?message_id=3920280
And the compatibility matrix: https://openacs.org/xowiki/openacs-compatibility-matrix

Definitely go with naviserver if you can make the change.
cheers,
Ben

19: Re: Multiple DNS and subsites (response to 18)

Posted by Gustaf Neumann on 09/02/16 04:12 PM

Concerning "server level errors": With the current version of OpenACS the number of erros is very little. We have now weeks on openacs.org without a single error or with very little errors in the error.log (in the following graphic, these is the orange line)

Up to january this year, openacs.org had on average 1 error per second.

Concerning the request of Iuri: i did some tests and fixed a few issues (mostly IPv6) and the following testing scenarios work fine:

Testing setup (A):
- http-port: 8009
- https-port: 8443
- base-hostname: localhost
- alternate-hostname: hugo
- main-subsite: /
- alternate-subsite: /hugo
- host-node map: hostname "hugo" -> /hugo/
- apm-parameter (acs-tcl): UseHostnameDomainforReg: 0

In this setup, the subsite (here: /hugo/) has to be given explicit read permission for public, otherwise, one cannot login, since subsite/register won't work (one needs already permissions to reach the subsite main node). Therefore, the site-admin has to grant read permissions to the public explicitly.

Other than this, everything looks ok with setup (A), the subsite works with http and https.

Testing setup (B):
- same as above, but:
- apm-parameter (acs-tcl): UseHostnameDomainforReg: 1

When UseHostnameDomainforReg is activated:
- login is redirected to the main site; the return_url as well.
- login cookies are set on the main-site and are not available on the subsite via the browser (maybe when setting "CookieDomain" and use "domain cookies" and appropriate sub-domain host names; not tested).
- This means that out of the box the user does not stay on the subsite but has to do all authorized work on the main site (which makes management of different users on subsite useless).

Also setup (B) works as well with the newest version in the oacs-5-9 branch. There were some issues in earlier version, but the actual version is fine in this respect. No nginx is involved.

For more details. see: https://openacs.org/bugtracker/openacs/patch?patch_number=848

all the best
-g

20: Re: Multiple DNS and subsites (response to 19)

Posted by Iuri Sampaio on 09/03/16 09:01 PM

Hi there,

@Gustaff, Nice results!
So far, I've set up a fresh installation of OACS 5.9 instance under NaviServer and Postgresql 9.1.

I assigned eventeasy.iurix.com to the same IP that iurix.com uses. Both DNS's point to /var/www/oacs-5-9/. There is only one NS service up, thus a unique config file: iurix.tcl.

I've created eventeasy as an acs-subsite. I've created a host-node eventeasy.iurix.com /eventeasy

However I don't have the behavior expected. the address eventeasy.iurix.com shows the Main Site. It was supposed to display /eventeasy.

Take a look: http://eventeasy.iurix.com/

Best wishes