Forum OpenACS Development: Multiple DNS and subsites

Collapse
Posted by Iuri Sampaio on
Hi there,

Is it possible to easily have subdomains pointed to their respective acs-subsites?

I want to set them all up under OpenACS -> Main Site. As the following scenario:
www.iurix.com /
site1.iurix.com /site1/
site2.iurix.com /site2/

I tried to create a new host-node map, but it seems the solution is not there.

eventeasy.iurix.com 405572 /eventeasy/

I could easily assign the redirection task to Nginx, but in the application level, the scenario wouldn't be solved yet. I want to have DNS and subsites working independently. Whether related or entirely different subsites, all of them under Main Site.

Is it possible?

Collapse
Posted by Benjamin Brink on
Hi Iuri,

Be sure to restart server after creating host nodes.

Hmm.. It looks like something is broken with the cookies. I'm logged as an admin in main site (on my case); When on a hosted node, the login template shows that I'm not logged in, yet /admin/ still shows the admin menu. Looks like some debugging is necessary before it will work in a way other than serving static content.

May you quickly succeed at debugging,
Ben

Collapse
Posted by Iuri Sampaio on
Benjamin,

The server was restarted. Nevertheless I did not see the expected result.

Hence, the result is to have eventeasy.iurix.com virtually assigned to its rootdir /, when in fact it's pointed to http://iurix.com/eventeasy/. All of them under the very same umbrella: Mainsite. That's why they are accessible across different DNS'es and the same subsite "/instance"

I'd understand if OpenACS is only able to redirect to its subsite, such as: the user types http://eventeasy.iurix.com, then OACS redirects automatically to http://eventeasy.iurix.com/eventeasy/ and serve the page.

Let me get this one rolling and I will be more than glad to fix that issue with session's misbehaves.

There could even be eventeasy.iurix.com/eventeasy/.

Collapse
Posted by Iuri Sampaio on
Although it's too risky and resource consuming, another option would be to start one AOLSERVER instance to every DNS. Then a different config file to every instance pointed to the same homedir and database.

Would that be even an option?

Best wishes

Collapse
Posted by Iuri Sampaio on
The solution seems a task for a proxy server but not entirely. I already set up in the Nginx, server settings, to the DNS http://eventeasy.iurix.com to redirect to http://iurix.com/eventeasy/

But, It seems the solution is one step further, in the application level. It requires something similar to example:

The user access eventeasy.iurix.com, OACS core notices the DNS is within hostnode's table, that the triple (eventeasy.iurix.com, 9589839, /eventeasy/)

OACS serves the entire subsite to the user as if it is /

In the worst scenario it would impact url's structure, and that means a core change.

Is there any other possibility?

Collapse
Posted by Benjamin Brink on
Iuri,

What naviserver and OpenACS version are you using?

The host-node part of it is working locally on ns 4.99.11 and oacs-5-9 (acs-kernel 4.9.1d4).

Collapse
Posted by Iuri Sampaio on
AOLSERVER 4.5 and OpenACS 5.7
Collapse
Posted by Iuri Sampaio on
The solution seems a task for a proxy server but not entirely. I already set up in the Nginx, server settings, to the DNS http://eventeasy.iurix.com to redirect to http://iurix.com/eventeasy/
But, It seems the solution is one step further, in the application level. It requires something similar to example:

The user access eventeasy.iurix.com, OACS core notices the DNS is within hostnode's table, that the triple (eventeasy.iurix.com, 9589839, /eventeasy/)

OACS serves the entire subsite to the user as if it is /

In the worst scenario it would impact url's structure, and that means a core change.

Is there any other possibility?

Collapse
Posted by Benjamin Brink on
With 5.7, maybe this variation will work for you:

In the past, with oacs-5.5 iirc, I ran multiple oacs sites from one ip address.

Each site was served from a different config.tcl, different port, different oacsroot file and different database; No host-node mapping.

A proxy server (apache proxy?) handled the calls between each domain:80 and each oacs:unique_port (forward and reverse).

If you try this, you might want to set the acs-tcl parameter SuppressHttpPort to 1 (and restart).

cheers,
Ben

Collapse
Posted by Benjamin Brink on
ps, Know that host-node mapping tends to be unstable between releases. It requires extra time to periodically test and maintain between upgrades, because it is rarely tested before new releases (and apparently rarely used);

In addition to session issues, acs-core changes tend to break templating and some underlying ad_conn behavior used to generate forms, for example.

Proxy is most stable way to go.

Collapse
Posted by Gustaf Neumann on
The right way to aim for a "stable" host-node mapping is to add tests to the regression test suite (after sorting out, what in detail is expected or not). The host-node mapping is (and was since ever) very limited, but it seems useful as it is for several sites.... but actually, i am not aware of site using it.

A much more general virtual hosting approach is available in NaviServer (run multiple servers from a single nsd process, which might or might not have the same blueprints), but that approach is not integrated with OpenACS, since in OpenACS we try to keep AOLserver compatibility.

All releases of OpenACS are tested thoroughly (regression test, OpenACS installation tests, DotLRN, frequently used packages, ...). In addition, OpenACS.org is running as close as possible on the HEAD release (currently the newest version of the oacs-5-9 branch), so on the 70 packages in use on OpenACS.org, bugs are earlier detected.

If someone finds a bug (in templating, core, ...) please submit a proper bug report, where this issue can be addressed. I am not aware of any changed "ad_conn behavior used to generate forms". Such changes would affect openacs.org substantially. Vague and nebulous statements are not constructive and do not help.

Collapse
Posted by Benjamin Brink on
I'm sorry; I should have provided more context for my comments about the unstable nature of ad_conn in context of host-node mapping:

Since Uri is using aolserver 4.5, I mentioned our local experience with using host-node mapping with aolserver 4.5 --not naviserver.

site_node::conn_url was developed (in 2009 and submitted to acs-core) in order to work around the inconsistent behavior of ad_conn. It was meant to provide a consistent url depending on if it is called from a main site or when called from a host-node. However, changes in core dependencies caused it to break soon after also. A fix was again provided that worked locally, but it again broke on next release. iirc. CVS browser highlights some of the history and forum discussion on it.

Part of the issue had to do with inconsistent view of the purposes of some of the underlying code between core developers.

The core and maintenance process has matured significantly since then. I'm sure a re-examination and development of regression tests will stabilize the feature into something quite useful. I'll file a bug/suggestion shortly.

@Gustaf,

Yes. Regression tests should be added at some point to stabilize feature(s). I was going to re-visit this and provide regression tests with bug report/suggestion; Alas regression tests are a few months away still.

Collapse
Posted by Dave Bauer on
Can you describe in a little more detail what you expect to happen?

You can definitely map a domain name to a subsite, and serve that subsite as the root of the mapped domain. Is that what you are trying to do?

You should not need a proxy server, but if you are using one in addition to AOLserver or Naviserver the configuration is more complicated.

Collapse
Posted by Iuri Sampaio on
Dave,

That's precisely what I'm trying to achieve. To map a domain name (i.e. eventeasy.iurix.com) to a subsite (i.e. /eventeasy), serving the subsite as in eventeasy.iurix.com/ , using a unique OpenACS instance,

The ideal is to not need different AOLServer settings, neither separated OpenACS instances.

You can test the work around I did at http://eventeasy.iurix.com. You'll be redirected automatically to http://iurix.com/eventeasy/. But that has been done by the proxy server, i.e. Nginx.

p.s. I don't know if that is even possible in OpenACS, or even if it is its responsability to do so. But I can foresee this new feature as a parameter of the acs-subsite (/shared/parameters?...), i.e. DomainNameMapping

@Gustaff,

Good to know about Naviserver's virtual approach. Actually I'm thinking to move from AOLServer 4.5 to NaviServer soon. I already have a box runnig it. No problems so far.

@Benjamin,
I agree with Gustaff. Changes within ad_proc ad_conn and templating would have substancial impacts in OpenACS core and even non-core packages. In fact OpenACS is one oif the most stable framework available and there are reasons for that: 1. robust datamodel, 2. well implemented source code TCL and TCLO scripts, 3. regression test, 4. OpenACS installation tests, 4. DotLRN, frequently used packages, and the list goes on...)

Collapse
Posted by Benjamin Brink on
@Iuri,

There are an abundance of benefits to switching to naviserver and upgrading to oacs-5-9, if the system isn't using ecommerce package.

Here is an example of host-node mapping working as I believe you expect. One of the host-node sites: http://dekka.com which points to subsite: http://or97.net/dekka-com
(It just serves a static page right now; until we re-tackle the various templating / form issues.) No proxy is used.

Collapse
Posted by Benjamin Brink on
Collapse
Posted by Iuri Sampaio on
Benjamin,

That's exactly what I'm trying to accomplish. It's still not clear to me how to achieve it.

Is hostnode feature on OpenACS 5.7 and AOLServer 4.5 simply broken?

Best wishes

Collapse
Posted by Benjamin Brink on
That combination may be an issue. iirc when I used aolserver 4.x, either ns_conn or ad_conn would return an empty string *sometimes* in the context of visiting a host-node mappped url on earlier versions of Openacs ( up to about 5.3). One of the local motivations for switching to naviserver was to avoid the chronic issues with aolserver. At some point around 5.6 to 5.8 server level errors increased by a factor of 4.

An incredible amount of refactoring OpenACS has happened since 5.7, incluiding upgrading tcl syntax. Here is a discussion about compatibility matrix of oacs 5.7 and dependencies: https://openacs.org/forums/message-view?message_id=3920280
And the compatibility matrix: https://openacs.org/xowiki/openacs-compatibility-matrix

Definitely go with naviserver if you can make the change.
cheers,
Ben

Collapse
Posted by Gustaf Neumann on
Concerning "server level errors": With the current version of OpenACS the number of erros is very little. We have now weeks on openacs.org without a single error or with very little errors in the error.log (in the following graphic, these is the orange line)

Up to january this year, openacs.org had on average 1 error per second.

Concerning the request of Iuri: i did some tests and fixed a few issues (mostly IPv6) and the following testing scenarios work fine:

Testing setup (A):
- http-port: 8009
- https-port: 8443
- base-hostname: localhost
- alternate-hostname: hugo
- main-subsite: /
- alternate-subsite: /hugo
- host-node map: hostname "hugo" -> /hugo/
- apm-parameter (acs-tcl): UseHostnameDomainforReg: 0

In this setup, the subsite (here: /hugo/) has to be given explicit read permission for public, otherwise, one cannot login, since subsite/register won't work (one needs already permissions to reach the subsite main node). Therefore, the site-admin has to grant read permissions to the public explicitly.

Other than this, everything looks ok with setup (A), the subsite works with http and https.

Testing setup (B):
- same as above, but:
- apm-parameter (acs-tcl): UseHostnameDomainforReg: 1

When UseHostnameDomainforReg is activated:
- login is redirected to the main site; the return_url as well.
- login cookies are set on the main-site and are not available on the subsite via the browser (maybe when setting "CookieDomain" and use "domain cookies" and appropriate sub-domain host names; not tested).
- This means that out of the box the user does not stay on the subsite but has to do all authorized work on the main site (which makes management of different users on subsite useless).

Also setup (B) works as well with the newest version in the oacs-5-9 branch. There were some issues in earlier version, but the actual version is fine in this respect. No nginx is involved.

For more details. see: https://openacs.org/bugtracker/openacs/patch?patch_number=848

all the best
-g

Collapse
Posted by Iuri Sampaio on
Hi there,

@Gustaff, Nice results!
So far, I've set up a fresh installation of OACS 5.9 instance under NaviServer and Postgresql 9.1.

I assigned eventeasy.iurix.com to the same IP that iurix.com uses. Both DNS's point to /var/www/oacs-5-9/. There is only one NS service up, thus a unique config file: iurix.tcl.

I've created eventeasy as an acs-subsite. I've created a host-node eventeasy.iurix.com /eventeasy

However I don't have the behavior expected. the address eventeasy.iurix.com shows the Main Site. It was supposed to display /eventeasy.

Take a look: http://eventeasy.iurix.com/

Best wishes

Collapse
Posted by Benjamin Brink on
Hi Iuri,

It works (here) using today's install-ns script and OpenACS HEAD via cvs .. that's ns 4.99.12. Minor changes were made to configuration settings for adjusting to system running FreeBSD 10.3 stable using different ns and pg user and ns group.

Here's the host node mapped subsites and domains (using port 8000) with original domain or97.net, so you can confirm yourself:
/test1/test2/ dekka.com
/test3/ bitscafe.com

The logs show repeats of these errors:

"Error: Unknown driver: nssock_v4. Only know nssock, nsunix, nsssl, nsssle, nsopenssl"
which originates from util_driver_info.

Are there any errors in the logs on your site?
Want to try oacs-HEAD to help isolate the issue?

Ben

Collapse
Posted by Gustaf Neumann on
Ben, the version from CVS head is essentially the OpenACS 5.9.0 release, which predates naviserver 4.99.11 and 4.99.12. Having multiple nssock drivers is necessary, when the same driver should listen on two different, explicitly specified ip addresses.... This is handled in newer versions in the oacs-5-9branch. Did you test with the current version of the oacs-5-9 branch as well with the same results?
Collapse
Posted by Benjamin Brink on
Hi Gustaf,
Oh. Okay. I was thinking head was ahead of 5.9.

or97.net is running 5.9.1d4 from git without errors for 4.99.11 and 4.99.12.

Would it be useful if I test oacs-5-9 branch from cvs (or some other configuration)?

Collapse
Posted by Gustaf Neumann on
the git repository is pretty much in sync with CVS: "cvs HEAD" corresponds to "git master" and "cvs oacs-5-9" corresponds to "git oacs-5-9".

The latest kernel is 5.9.1d16, so much has changed since 5.9.1d4.... yes, testing the actual version oacs-5-9 it would be useful (especially, if something more needs to be fixed).

Collapse
Posted by Benjamin Brink on
Hmm.. just cloned openacs-core from git.
git checkout oacs-5-9

installed data model. Upon restart, cannot login. Get this:
Error in include template "/var/www/oacs-HEAD/packages/acs-subsite/lib/login": wrong # args: should be "array set arrayName list"

I'll wait for further direction.
cheers,
Ben

Collapse
Posted by Gustaf Neumann on
you got the version from git. i fixed this glitch today morning in CVS, it will be in git tomorrow morning (MET).
Collapse
Posted by Benjamin Brink on
Ah okay. Thanks.
Collapse
Posted by Benjamin Brink on
Bingo. Works without error. Same hostnode map as above (using port 8000) with original domain or97.net, so you can confirm yourself:
/test1/test2/ dekka.com
/test3/ bitscafe.com

cheers,
Ben

Collapse
Posted by elle gonzalez on
. All of them under the very same umbrella: Mainsite. That's why they are accessible across different DNS'es and the same subsite "/instance"