Announcement

Collapse
No announcement yet.

Apache Config: Temp Domains

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Apache Config: Temp Domains

    Hey guys.

    Were looking to get temporary addresses set up such as accountname.domain.tld for people waiting for DNS changes to take effect. Yes I could make a quick change to the Apache configs to do this, but will the changes be nuked? Where can I safely make changes (for any InterWorx controld service) if I don't want them to get nuked during upgrades and such.

  • #2
    I'd edit the /etc/httpd/conf.d/domain.conf files directly CMI, they won't get nuked on upgrades (we try to not nuke any file that a user could edit as a general rule). Almost any file in /home/interworx is ours to nuke (beyond a few files like iworx.ini etc) so as long as you don't touch those files you should be fine :).

    Chris
    Chris Wells
    InterWorx L.L.C. | http://interworx.com
    InterWorx Control Panel

    Comment


    • #3
      Great. Thanks Chris.

      Comment


      • #4
        Do you have a slicker way of doing this? Its going to be a pain to edit that file each time by hand.

        I was thinking of UserDir and AliasMatch, but both present problems. Usint VirtualDocumentRoot makes for some long URLs, but the work. The problem is the domain under which it is used doesn't work without much trickery (which I haven't pulled off yet).

        Comment


        • #5
          Actually, a 'pointer domain' created in siteworx *should* do the trick. I noticed some weirdness in the pointer domain interface that we're going to address (I think it prepends www. to whatever you input), but give it a shot. If it does prepend you can just edit the .conf file (which sucks I know) for now until we get a fix.

          Chris
          Chris Wells
          InterWorx L.L.C. | http://interworx.com
          InterWorx Control Panel

          Comment


          • #6
            I tried adding a pointer domain to the new account as well as the "main" account just to test that. Neither worked for me. (And I didn't see www. prepended in the pointer domain list after I added it).

            Of course, this does present a possible problem. If I have domain1.tld and domain2.tld on the same box, and domain2.tld adds a pointer domain such as pointer.domain1.tld, wouldn't this screw with domain1.tld? It would be a fairly good fake since the imposter would have the same IP address as the target.

            Comment


            • #7
              Scratch that. It DOES work now (guess I checked too soon).

              Still have those concerns though.

              Comment


              • #8
                I tried adding a pointer domain to the new account as well as the "main" account just to test that. Neither worked for me. (And I didn't see www. prepended in the pointer domain list after I added it).
                This is part of the bug, I believe in teh .conf file there *is* a www prepended.

                Of course, this does present a possible problem. If I have domain1.tld and domain2.tld on the same box, and domain2.tld adds a pointer domain such as pointer.domain1.tld, wouldn't this screw with domain1.tld? It would be a fairly good fake since the imposter would have the same IP address as the target.
                The short answer is yes, this could be bad. It comes down to the order in which the .conf files in /etc/httpd/conf.d are parsed by apache as to which site would be seen. Longer term we'll probably add checks for this after I think about it a bit more, but in the short term it's not really a problem because domain1.tld has to know domain2.tld exists, and is on the same server (or vice versa).

                Chris
                Chris Wells
                InterWorx L.L.C. | http://interworx.com
                InterWorx Control Panel

                Comment


                • #9
                  Originally posted by IWorx-Chris
                  The short answer is yes, this could be bad. It comes down to the order in which the .conf files in /etc/httpd/conf.d are parsed by apache as to which site would be seen. Longer term we'll probably add checks for this after I think about it a bit more, but in the short term it's not really a problem because domain1.tld has to know domain2.tld exists, and is on the same server (or vice versa).

                  Chris
                  I know its very unlikley that this would turn into a problem, but as you think about it:
                  - When people introduce themselves on the Nexcess.net forums, I somtimes check to see if we are "server buddies"
                  - Its entirely possible to target someone (very easy if someone is just running one box, like we are)

                  Comment


                  • #10
                    Originally posted by CMI
                    I know its very unlikley that this would turn into a problem, but as you think about it:
                    - When people introduce themselves on the Nexcess.net forums, I somtimes check to see if we are "server buddies"
                    - Its entirely possible to target someone (very easy if someone is just running one box, like we are)
                    The pointer is also in the account's siteworx settings, which kind of scares me. The way we are doing it, they can see exactly what we are up to.

                    Comment


                    • #11
                      Originally posted by CMI
                      I know its very unlikley that this would turn into a problem, but as you think about it:
                      - When people introduce themselves on the Nexcess.net forums, I somtimes check to see if we are "server buddies"
                      - Its entirely possible to target someone (very easy if someone is just running one box, like we are)
                      You're right, but it's even easier to do much worse things :). Snooping DB passwords, member area passowords, hacking boards/sites/galleries based on this info. Don't get me wrong, I agree CMI, checks need to be added in, but remember that shared server = insecure neighborhood :(.

                      Chris
                      Chris Wells
                      InterWorx L.L.C. | http://interworx.com
                      InterWorx Control Panel

                      Comment


                      • #12
                        The pointer is also in the account's siteworx settings, which kind of scares me. The way we are doing it, they can see exactly what we are up to.
                        Understood, we edit the conf file directly for each account (forgot too this morning as you saw lineman :)).

                        Chris
                        Chris Wells
                        InterWorx L.L.C. | http://interworx.com
                        InterWorx Control Panel

                        Comment


                        • #13
                          Originally posted by IWorx-Chris
                          Understood, we edit the conf file directly for each account (forgot too this morning as you saw lineman :)).

                          Chris
                          hehe I wondered if that's what happen. :p It's nice to see you guys are human, too. :)

                          Comment


                          • #14
                            It's nice to see you guys are human, too.
                            I've tried putting bionic parts on paul (arms, toes etc) but he always just complains that it's itchy. so we're left to just make mistakes :(.
                            Chris Wells
                            InterWorx L.L.C. | http://interworx.com
                            InterWorx Control Panel

                            Comment


                            • #15
                              Originally posted by IWorx-Chris
                              I've tried putting bionic parts on paul (arms, toes etc) but he always just complains that it's itchy. so we're left to just make mistakes :(.
                              You may just need to change his OS. CMI's mom built him on a BSD platform and that seemed to do the trick. :D

                              Comment

                              Working...
                              X