SSL with custom user domains - http

I am building an eCommerce platform and I would like to give my users the ability to point their domain (e.g. bobsburgers.com) to an HTTPS-protected subdomain on my site (e.g. bobsburgers.shoplolz.com). Getting a wildcard certificate for the dynamic subdomain is simple, but how does one allow their users to use their own domain while requiring HTTP? I'm currently hosted on Heroku but I'm curious at a higher level how this can work, if at all.

Based on my research the only way to do this is to have the site owner upload an SSL certificate and use an HTTPS-enabled reverse proxy which can be configured dynamically to accept new SSL certificates for newly added domains.
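The dynamically configurable reverse proxy described in the question comes down to choosing a certificate per TLS handshake from the SNI hostname. The sketch below is an added example, not part of the original post. It uses Python's standard ssl module, the class and function names are hypothetical, and the demo contexts are empty stand-ins for real key pairs.

```python
import ssl

UNKNOWN_NAME = ssl.ALERT_DESCRIPTION_UNRECOGNIZED_NAME  # TLS alert for an unserved host

def new_server_context(certfile=None, keyfile=None):
    """Server-side TLS context; loads the certificate chain and key when paths are given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx

class CertStore:
    """Hostname -> TLS context map that can gain entries while the proxy runs."""

    def __init__(self):
        self._contexts = {}

    def add(self, pattern, context):
        self._contexts[pattern.lower().rstrip(".")] = context

    def select(self, server_name):
        if not server_name:                      # client sent no SNI
            return None
        host = server_name.lower().rstrip(".")
        if host in self._contexts:               # customer's own domain
            return self._contexts[host]
        _, _, parent = host.partition(".")       # wildcard spans one label only
        return self._contexts.get("*." + parent) if parent else None

    def sni_callback(self, ssl_socket, server_name, default_context):
        ctx = self.select(server_name)
        if ctx is None:
            return UNKNOWN_NAME                  # refuse instead of serving a wrong cert
        ssl_socket.context = ctx                 # swap in the matching certificate
        return None

def build_demo_store():
    """Constructed demo: empty contexts stand in for real key pairs."""
    store = CertStore()
    wildcard, custom = new_server_context(), new_server_context()
    store.add("*.shoplolz.com", wildcard)
    store.add("bobsburgers.com", custom)
    return store, wildcard, custom

if __name__ == "__main__":
    store, wildcard, custom = build_demo_store()
    listener = new_server_context()
    listener.sni_callback = store.sni_callback   # hook used during each handshake
    print(store.select("bobsburgers.com") is custom)
```

Calling `store.add()` for a newly onboarded domain takes effect on the next handshake, with no proxy restart.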

Related

concerns about required A records for setting up Firebase Dynamic Links with a custom subdomain

In setting up our own subdomain to handle Firebase Dynamic Links using these docs, the wizard says to put the A records at example.com in our DNS. I'm getting pushback from our network administrators who are wary of creating an A record at the root of our domain, which is a large e-commerce web site.
A couple of concerns/questions about this:
The IP addresses required (151.101.1.195 and 151.101.65.195) point to non-Google servers (looks like Fastly), which is a bit alarming - it seems strange that Google would outsource their deep link hosting.
We don't want all of our e-commerce traffic (coming through example.com) to be subject to these A records. Is it possible to put the A records at link.example.com instead?
The Firebase documentation on using a custom domain for dynamic links has this note:
To use a custom domain for Dynamic Links, the domain must point to Firebase Hosting. If you have a domain you want to use with Dynamic Links and the domain points to a different host, you can either move to Firebase Hosting or create a subdomain hosted by Firebase, which you can use for Dynamic Links.
So you can indeed use a subdomain for the dynamic links. In that case, just set up the subdomain in Firebase hosting. You'll need the same TXT record as normal, to prove that you have access to the domain, but then just map the subdomain (e.g. links) for the A record.
Here is the answer I received from Firebase support about my two concerns/questions:
Regarding Fastly, Firebase uses this subprocessor to deliver content and managed services on Firebase Hosting. For more details you could check the list of Subprocessors used by Firebase on this doc.
It's possible to use a subdomain as your Firebase project's FDL domain. You'd need to create a subdomain (link.example.com) on your domain's DNS provider and connect it to Firebase Hosting. You could check out this guide for more details.

How to change URL of Pivotal Cloud Foundry web application

I have just pushed a Spring Boot / VueJS application to Pivotal Cloud Foundry and was wondering how I change the URL for the website?
When I pushed the application they gave me a URL of http://crdeckhelper.cfapps.io/
I went to godaddy and bought a domain of crwardecks.com
How do I make my application run on crwardecks.com?
I currently have godaddy re-routing the person to the URL that cloud foundry generated for me, but this is not the behavior that I want.
I have read the documentation on Pivotal but for some reason it confuses me. I have also searched for this on the web but wasn't able to find a good resource.
There's a couple things you need to do.
Add your domain to Cloud Foundry. Run cf create-domain.
https://docs.run.pivotal.io/devguide/deploy-apps/routes-domains.html#private-domains
Map a route under this domain to your app. Run cf map-route <app> <domain> ....
https://docs.run.pivotal.io/devguide/deploy-apps/routes-domains.html#map-route
At this point, you'll have the domain and route set up in CF, but nothing is sending traffic to CF.
To send traffic to your CF, you need to make an adjustment in your DNS records. Again, there's a couple of options.
You can route traffic for just one subdomain to the app, by creating a CNAME record that points from your custom domain to the domain assigned by CF. Ex: CNAME: www.example.com -> crdeckhelper.cfapps.io.
You can route traffic for all subdomains with a wildcard. Again we use a CNAME record but this time we use a wildcard. Ex: CNAME: *.example.com -> *.cfapps.io (or you could use some subdomain, like *.sub.cfapps.io).
Both are described more here. Also, cfapps.io is part of Pivotal Web Services. If you use a different provider then your shared domain will be different.
At this point, you should have traffic routing to CF & CF should be routing traffic to your specific app. You're done & you can stop reading, unless you are trying to map a root domain to your app.
There's an edge case around root domains (i.e. example.com, not www.example.com), because DNS CNAME records don't work for a root domain. Some DNS providers support ALIAS or ANAME records, which work like a CNAME record for root domains. If your provider does, you can give it a try (see your DNS provider's doc for instructions on how to use). If not, see if your provider supports URL forwarding. Many DNS providers will automatically redirect HTTP traffic on the root domain to a sub domain you specify, like example.com -> HTTP 302 -> www.example.com.
For more on root domain setup, see Configuring DNS for Your Registered Root Domain at the following link.
https://docs.run.pivotal.io/devguide/deploy-apps/routes-domains.html#domains-dns
As a last resort, you could use an A record, but you need to be very careful because your CF providers may not have static public IPs, rather their IPs can change. If you use an A record and your provider's IP changes, traffic will stop flowing to your app & you'll need to update your A record to point to their new IPs (you can get your provider's IPs by running dig <app-dns> or nslookup <app-dns>). If you go this route, make sure you have monitoring to quickly catch when IPs change.
Hope that helps!

How to add encryption certificate for wordpress with wildcard subsites

I have a wordpress installation and I have a security certificate installed for the main site, however, it is a subsite installation and how do I make the security certificate work for all the wildcard (*) subsites?
For securing subdomains of the main domain, you will have to enable a wildcard SSL certificate on only the main domain name.
For example:
If you have the domain name xyz.com and want to secure all its subdomain names, then you will have to enable a wildcard SSL certificate at *.xyz.com; it will then automatically secure all its first-level subdomains, like blog.xyz.com, payment.xyz.com, etc.
As per your requirements, you need to obtain a new wildcard SSL certificate to protect your subsites (sub-domains). It will protect your entire website and its multiple sub-domains. To obtain this certificate, you have to add a single asterisk (*) just before your domain name (i.e. *.yoursite.com); it will allow you to secure all first-level sub-domains.
As you mentioned, you already have an SSL certificate for your main website, but managing individual certificates for your main site and each sub-domain will be horrible and time-consuming for administrators. A wildcard SSL certificate is a perfect, flexible and money-saving certificate for sub-domain security.

How to support user-supplied SSL certificates in web app

I’m building a web application where users can create their own websites. Users have the option to point their own domain names at these sites. A prototype for the application already exists; Apache accepts requests on all hostnames and the actual domain mapping and resolution happen at the application level (a simple database lookup grabs the site that matches the requested hostname).
Where I’m stuck is how users’ SSL certificates might fit into this equation. What steps would I need to take to allow a user to upload their SSL certificate such that the application could successfully handle secure HTTP requests to their hostname? Is this even something the application alone could handle?
I think you cannot handle this in your application alone.
It's a CA problem: unless you are an intermediate CA company, you cannot get the user's domain SSL certificate and sign for the user's domain.
The typical user, and IMHO even more the users who are going to create a web site on this system as opposed to setting up their own WordPress or other site on their own server (or their own paid shared server hosting account), will have absolutely no idea how to set up a proper SSL certificate, so getting it to you securely so that you can install it wouldn't even be an issue because they will never get that far.
However, you should be able to use Let's Encrypt to do exactly what you need. As part of the process of adding a domain, once the domain is pointing to your server (the users will have to figure out how to do that with their domain registrar), you can create a Let's Encrypt certificate and validate it. My favorite web hosting company (I won't name it as that is not relevant - anyone can do this with some effort) provides this capability as part of their Control Panel. They also provide paid certificates with a few of the big issuers, as they have for many years, but for most small sites Let's Encrypt works very well and is totally free. The setup literally takes only a minute. The key is that you have to give the user an IP address or CNAME first so that they can point the domain. Once the domain is resolving to your server, you can get the Let's Encrypt certificate.
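The precondition in the answer above (request the certificate only once the domain resolves to your server) can be written as an explicit gate, and the same comparison serves the A-record monitoring recommended in the Cloud Foundry answer earlier on this page. This is an added example, not code from any of the posts. The hostname edge.shoplolz.com, the function names and the DNS data are constructed, and requiring every resolved address to belong to the platform is an assumption of this sketch.

```python
import socket

def resolve(host):
    """Return the set of addresses a hostname currently resolves to."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def dns_status(custom_domain, platform_host, resolver=resolve):
    """Classify where custom_domain points relative to platform_host."""
    try:
        customer = resolver(custom_domain)
    except OSError:              # socket.gaierror: the name does not resolve
        return "unresolved"
    platform = resolver(platform_host)
    if not customer:
        return "unresolved"
    if customer <= platform:
        return "ok"              # every address belongs to the platform
    if customer & platform:
        return "partial"         # some records still point elsewhere
    return "elsewhere"           # e.g. a stale A record after an IP change

def may_request_certificate(hostname, registered, platform_host, resolver=resolve):
    """Issue only for domains a customer registered AND that resolve to us."""
    host = hostname.strip().rstrip(".").lower()
    if host not in registered:   # never issue for arbitrary requested names
        return False
    return dns_status(host, platform_host, resolver) == "ok"

# Constructed sample data (documentation address ranges) so the example runs offline.
FAKE_DNS = {
    "edge.shoplolz.com": {"203.0.113.10", "203.0.113.11"},
    "bobsburgers.com": {"203.0.113.10"},
    "stale.example": {"198.51.100.7"},
    "split.example": {"203.0.113.11", "198.51.100.7"},
}

def fake_resolver(host):
    if host not in FAKE_DNS:
        raise socket.gaierror("constructed: no such host")
    return FAKE_DNS[host]

if __name__ == "__main__":
    registered = {"bobsburgers.com", "stale.example", "split.example"}
    for name in ["bobsburgers.com", "stale.example", "split.example", "unknown.example"]:
        print(name, dns_status(name, "edge.shoplolz.com", fake_resolver),
              may_request_certificate(name, registered, "edge.shoplolz.com", fake_resolver))
```

Run on a schedule with the real `resolve`, any status other than "ok" for an onboarded domain is the signal to alert on.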

Pointing domain from one cPanel account to another

I manage a hosting server using WHM. I have two cPanel accounts on this server, one for exampletest.com (account name is exampletest) and one for example.com (account name example). We have a Wordpress site that was working well at exampletest.com but we keep running into problems when we try to migrate it to example.com. I believe it has to do with one WordPress plugin that doesn't migrate well.
So we had the idea to simply take the example.com domain and point it to the exampletest cPanel account, then update the domain for WordPress in the database. However, one potential issue I can see is that we have many active email addresses on the example account. I fear that associating the example.com domain to the exampletest account will break the email addresses.
Keeping the above in mind, I have a couple questions:
Will associating the example.com domain to the exampletest account break the emails? If so, is there a workaround (moving the email addresses to the new account somehow?)
Is there a better way to go about doing this that I'm not thinking of?
The best way of transferring your wordpress site would be to copy the files, create a database user with the same login details and import the database. Wordpress shouldn't be able to tell the difference.
One way would be to assign a static IP address to exampletest and point example.com's A record to that IP.
Due to the way WHM's DNS and port binding is set up it will not let you set up the same domain on two separate accounts.
You could treat www. as a separate subdomain and add the subdomain www.example.com to exampletest as an addon domain and remove the www A record from example first. Redirect all web traffic from example.com to www.example.com or use another sub-domain such as www2.
Another option would be to transfer the emails; you can either use the transfer tools in WHM > Transfers or use http://imapsync.lamiral.info/
