Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Currently, if the domain has a wildcard DNS configured and pointing to the server's IP, any not defined in Aegir subdomain will be served by default vhost, while it could be useful to redirect it to the main domain, until it is defined/used on any site.
This may cause issues when there is already aliases redirect enabled in the front-end, so it may require also some tweaks in the Hostmaster and not only in the vhost templates in Provision.
Comments
Comment #1
anarcat CreditAttribution: anarcat commentedThe way this works in Apache right now is that there's a default Vhost that gives a 404:
ServerName default
Redirect 404 /
It is the default only because it is included before the others. I think nginx should follow a similar policy.
Comment #2
omega8cc CreditAttribution: omega8cc commentedIn Nginx version we use by default the standard Nginx directory with the index file "It works!" as a root for the default vhost, so it is basically the same (almost) result as in the Apache version. However, we received some requests recently to add support for wildcard subdomain vhosts and it is perfectly doable in Nginx.
Comment #3
anarcat CreditAttribution: anarcat commentedOkay, then I misinterpreted what we meant here.
I understand now that you mean having a domain or alias like *.example.com be a wildcard for the domain, is that correct?
There are some twists to this, most importantly the symlinks in sites/, but it's perfectly doable and something I would support.
Comment #4
omega8cc CreditAttribution: omega8cc commentedAlmost. The symlinks in the sites directory will not be an issue, since the idea is to *redirect* all not defined subdomains to the main domain and not to add the ability to create a SEO-spam-like wildcard in the vhosts. So we probably need to add an extra server block in the config template, so it will work as a catch-all for *.example.com just before the standard server block, with configuration as usual. I will submit some patches for review, when I will have it tested enough.
Comment #5
Robin Millette CreditAttribution: Robin Millette commentedIn my case, I am using the subdomain module have 1000 subdomains, one for every group on the site. Currently, I have a huge list of site aliases, all leading to different groups - much like different sites as far as the content and themes go anyway. Having the wildcard redirect them all to the main site would defeat the purpose, at least for my case.
Comment #6
omega8cc CreditAttribution: omega8cc commented@Robin Millette
The wildcard should never conflict with any defined aliases and you can't use any alias if it is not added in Aegir, no Drupal module will help you with this, so I don't see how is it related. Am I missing something maybe?
Comment #7
Robin Millette CreditAttribution: Robin Millette commentedI have a main site at example.com using organic groups. http://drupal.org/project/subdomain lets you map subdomains to groups. Given the groups "A" and "B", subdomains a.example.com and b.example.com are also accessible, leading to their group content.
With 1000 subdomains, that's a lot of aliases to create. I would like to add *.example.com (in the aegir alias list or with a checkmark) and NOT have those subdomains all (http) redirected to the main site at example.com but each living at its own subdomain.
My problem is not www.example.com vs example.com - where an http redirect is always a good idea.
Comment #8
omega8cc CreditAttribution: omega8cc commentedThen we need it as an option - wildcard with redirect and wildcard without redirect. There is already related issue in the hostmaster queue, so it could share some code probably, anyway - #815190: Allow for both redirects and aliases
Comment #9
anarcat CreditAttribution: anarcat commentedNote that there is a start in #1859478: Don't allow site domain names to be IP addresses, with a fix to the _hosting_valid_fqdn regex - is there anything else necessary here?
Comment #10
anarcat CreditAttribution: anarcat commentedThis should be in 2.x, not 1.x.
Comment #11
omega8cc CreditAttribution: omega8cc commentedYep, we have added this wildcard support in Nginx and it works as expected by @Robin Millette - you just enter
*.example.com
instead of 1000 separate aliases. Not sure if this kind of wildcard is supported in Apache - if yes, then it is easy.Comment #12
anarcat CreditAttribution: anarcat commentedCool, nice to hear. Was changing that regex the only thing necessary for this support to work in nginx?
From what I understand, Apache also supports wildcard vhosts the same way, so this should be fairly transparent.
I do feel we will need to check for host ownership - for example what happens if clientA takes the example.com domain and clientB takes the *.example.com - who wins www.example.com? How do you handle this now?
Comment #13
anarcat CreditAttribution: anarcat commentedI meant to mark this as needs work, we still need a patch.
Comment #14
omega8cc CreditAttribution: omega8cc commentedYes, it was just a matter of changing the regex to allow
*.
at the beginning.If there is no vhost with
www.example.com
alias, then owner of*.example.com
wins it, obviously, but if you have enabled by default "Generate www.domain.com alias automatically" and "Generate domain.com alias automatically" at admin/hosting/aliases, so both www and non-www versions are always created, then owner of*.example.com
can't take overwww.example.com
, because wildcards are processed last - see http://wiki.nginx.org/NginxHttpCoreModule#server_nameWe handle this by always enabling automatic aliases by default.
However, hmm.. now I think we should allow this only in aliases, and not as a main site name, because even if it doesn't work (site install fails anyway) it shouldn't be allowed. This makes things a bit more complicated, so not sure if this would be worth the effort.
Comment #15
anarcat CreditAttribution: anarcat commentedSo I guess my question is: what policy do we want in the frontend by default? Should we let clientA steal www.example.com or (say) secure.example.com from clientB that has *.example.com?
Maybe that's already a problem - if clientB has just example.com, probably that clientA can already steal foo.example.com... Maybe I'm stumbling upon a problem that's already present...
Comment #16
omega8cc CreditAttribution: omega8cc commentedSure, that problem already exists as we don't control it at all, so anyone on the same instance can use not-yet-created sub-domain alias in someone's else domain.
We would need to introduce something like strict *.domain ownership associated with client probably, but since domains can have several sub-levels and various extensions with various levels, it can be tricky, because, well, what if someone will add an alias like
*.com.au
? In fact, we already allow also too broad names likecom.au
, so it is already a problem, and adding wildcards may open a Pandora's box.Comment #17
anarcat CreditAttribution: anarcat commentedI'm going to work on this now. From what I understood, I believe the only thing that is necessary is to fix the regular expressions, so I will do that. It seems, however, that we can only have wildcards in aliases and not in the primary domain name, at least I had issues with doing that. So I will create two regex functions since, anyways, the fqdn check is used for servers and we don't want wildcards there.
Comment #18
anarcat CreditAttribution: anarcat commentedpushed a fix to the frontend in 2.x.