I want to allow the users of my PHP application to create their own subdomains on my server.
For example, I currently operate example.com and for my premium users I manually create a subdomain like bob.example.com or jack.example.com, I point the user subdomains to the same server that runs my application which has a wildcard SSL cert.
What I want to do is have a system that will automatically create subdomains of my domain for my users when they register on my application but I'm not sure where to start on this. I'm assuming that this can't be done purely in PHP but I'm hoping someone can point me in the right direction for what I want to do here.
Thank you N.B - Wildcard domain seems to be exactly what I'm looking for.
Related
I have seen a lot of solutions that involve using .htaccess. I would like to know a way to create sub domains using only PHP. For my purposes, this also needs to work using non-host-specific mechanics so it would work on most hosts.
All I know is that I would need a wildcard CNAME record that says all sub domains point to x.x.x.x, but I don’t know what to do from here. What I think you need to do is create a folder that contains the code for the sub domains, and I have done this, but I cannot find a cross-host way to link the sub domain with the folder. There has to be a way to do this as I have seen it done, but I can not find a way that meets my needs.
The problem here is that PHP doesn't handle the request coming in, a web server (e.g. Apache or Nginx) does and it's the config for that software that determines where a request goes. Now the good news is that you can have wildcards in your config (at least for Apache and Nginx, YMMV if you're not using one of those), as long as you can access the config file (you'll need root access on the server). There is plenty of information available out there depending on what web server you are using so you can google that part.
Now, assuming you've done that part, in PHP you just need to check what the root domain for the request is. That information is stored in $_SERVER['HTTP_HOST'], so you can use a simple script to figure out which subdomain has been requested and then launch the appropriate script for that subdomain. Something like this should do the trick:
// Assuming request comes from https://subdomain.mydomain.com
$subdomain = str_replace('.mydomain.com', '', $_SERVER['HTTP_HOST']);
echo $subdomain // Outputs "subdomain"
This will capture multiple levels of subdomains as well, so if your request comes from https://sub1.sub2.subdomain.mydomain.com then $subdomain would contain sub1.sub2.subdomain.
Edit after comment
You can't do this with shared hosting. Basically the config panel you get with the host, when you set up a domain or subdomain it's modifying the config file on the server for you. There's no way a host would let anyone access the config through anything other than their control panel for security. It's possible that hosts will have a similar setup to your test server, where subdomains just work as they use wildcards by default, but I don't know that and there's no guarantee of that.
WordPress itself is just blogging software. It doesn't let you set up lots of separate websites with their own installations. What WordPress Multisite (I assume that's what you mean when you mention WordPress) is use a single installation to host multiple "sites", but it's still one installation, one single database. All of the posts, all the pages, they're all stored in a single database and if you got into that database you could easily include a page from one site on another just by editing some fields in the database. It's not designed for reselling or for multiple, completely separate entities. There are a whole host of security risks in doing that sort of thing. It's designed for single entities that want to split their sites up into multiple sites, but where it's all one company, or related companies. Universities with different departments is one example I read about before, each department has their own "site" and the main IT office has a super user that can access all of them as it's on one single installation.
I could do with a little more information on what you're trying to do, but it sounds like you're trying to do something like WPEngine, where they sell hosting space and install WordPress for you. But they have dedicated servers that run scripts that create the config files and install WordPress on your own individual hosting space using their servers. That's known as SaaS (Software as a Service) and from the little you have said seems what you are trying to do. People subscribe to your site and get their own instance of the software you're selling that they access through an admin portal. That's not something they can install on their own hosting, they have to use yours. That's how most companies do this sort of thing.
I have a server on which I am using dokuwiki to host both a homepage as well as a wiki. The server is available under www.domain.com and the wiki is available under wiki.domain.com. Internally both subdomains are served from different directories.
However this means, that everybody who wants to sign up has to sign up for the both domains and manage a duplicate set of user accounts for both subdomains.
What I would like is to have a system, where anybody can sign up on both pages and only has to log in in any of the domains and get access. ACL should still be managed separately for both domains, since I might use namespace names multiple times.
I looked through the list oft dokuwiki auth plugins, but I was not able to find anything usefull for this purpose. Another idea would be to just soft- or hardlink the auth data directory in the two installations. However this would still mean users would have to log in multiple times. Also I am not sure whether my hoster actually allows such directory links, or if this might mess up the two installations.
Is there any other way to create such a setup?
A DokuWiki farm setup might help with having the same user database for both sites. Symlinking the user file is another way.
More complicated is to share the cookies between both domains. I'm not sure how to approach this best. Maybe others can offer some ideas.
Well since this is on the same server just across your various subdomains I would imagine you would want to store the user info including logins in a shared database so that no matter which app/subdomain you insert their registration data and query for their login info from the same database. Then it's a matter of using PHP sessions for keeping track of if they are logged in across subdomains. There is already a length stack on how to achieve that here:
PHP Sessions across sub domains
Try setting the Cookie Domain to .yourdomain.com
This means your browser will deliver cookies to subdomains of yourdomain.com.
So cookies will beshared among www.yourdomain.com and wiki.yourdomain.com
I'm building an online dating website at the moment.
There needs to be an admin backend to the site to approve users/photos etc.
I can add this admin part of the site/login etc to the same domain.
eg: www.domainname.com/admin
Or from my experience with PHP CURL I can put this site on a different domain and CURL the requests through.
Question: is it more secure to put the admin code/site on a completely different domain? or it really doesn't matter if it sits on the same domain? hacking/security is the really point of this.
thx
Technically it might be more secure if you ran it from a different server and hosted it on a subdomain using a different IP/vhost, or use a proxy mod for your webserver (see Apache mod_proxy) to proxy requests from yourdomain.com/admin to admin.otherdomain.com and enforce additional IP or access control using .htaccess or equivalent to access the proxy url.
Of course, if those other domains are web accessible, then they are only as secure as the users and passwords that use them.
For corporate applications, you may want to make the admin interface accessible from a VPN connection, but I don't know if that applies to you.
If there is a vulnerability on your public webserver that allows someone to get shell access, then it may make it slightly more difficult to get administrative access since they don't have the code for the administration portion.
In other words, it can provide additional security depending on the lengths you go to, but is not necessarily a solid solution.
Using something like cURL is a possibility, but you'd have far less troubleshooting to do using a more conventional method like proxy or subdomain on another server.
I want to dynamically create new sub domains on my website. i mean if you have example.com then you dynamically create sub.example.com .
i looked on google and there was nothing really good. i downloaded some scripts but they were all not working. my website is based on php so please if there is anyway i can do it in php tell me, and also if it can be possible with python then that is awesome!.
You need to setup a wildcard subdomain. Basically, anything.mysite.com will resolve to mysite.com. At that point it's up to your code to kick in and serve up the proper content depending on what subdomain the user is looking at.
http://www.google.lk/search?q=wildcard+subdomain
You can't do this unless you have permission to alter the DNS server for your domain.
I am using php/mysql on linux servers. I want to create a user sub domain for each user upon sign up. For instance, john doe --> johndoe.example.com
The issue is, we are going to allow customizations such as adding custom features for clients wanting customizations. So, is it better we automate the process or manually create sub domains for clients requiring customizations and let other users just use basic login?
And how can i automate the process if need be?
Instead of creating subdomains, have a wildcard subdomain which is mapped into one folder and with PHP figure out which user's data you want to show.
If you are using a cPanel hosting, creating a wildcard subdomain should be pretty easy and wont require any manual adjustment to the httpd.conf file. Otherwise whenever you will add individual subdomains Apache will be restarted in the background, which is not at all good.
I rephrased my answer for clearer understanding.