0

I have an application which uses a main domain (domain.com) and I want to be able to point other domains to the same content without needing to maintain separate instances of the code. The application is contained with a folder on the main domain and this folder is not accessed by search engines etc so I am not worried about SEO etc. All of the domains will be on the same server running Apache.

I would like to ensure that the domain name stays as the user originally typed it rather than redirect to domain.com as the purpose of this is so multiple customers can use the code but with the application branded to them using their colours, logo etc using settings taken from a MySQL database.

For example, a user goes to newdomain.com and they see a login form which is a local stored within /home/newdomain/public_html - on successful login they are directed to /folder which contains the application but rather than be directed to newdomain.com/folder which is empty I would like them to be redirected to domain.com/folder (i.e. /home/domain/public_html/folder) but still see newdomain.com/folder in their browser so it is transparent to them.

I tried the below https://stackoverflow.com/a/9521102/1278201 using htaccess but it changes the URL to domain.com:

Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^(www\.)?domain\.com$ [NC]
RewriteRule ^ http://www.domain.com/%{REQUEST_URI} [R=301,L]

I also found a post which mentioned using Apache config which seemed a better option as I am not concerned about SEO but am not sure if I can use this to only redirect one folder (i.e. don't redirect webroot, just redirect /folder) https://stackoverflow.com/a/3849129/1278201:

NameVirtualHost *

<VirtualHost *>
ServerName domain.com
DocumentRoot /home/domain/public_html/folder
</VirtualHost>

<VirtualHost *>
ServerName newdomain.com
DocumentRoot /home/domain/public_html/folder
</VirtualHost>

I also found posts pointing out possible issues with sessions and SSL certificates https://stackoverflow.com/a/140008/1278201 both of which are used in the application. I am happy to install a separate SSL certificate per domain but could any of the above redirects "break" sessions? Obvioulsy if someone logs in to newdomain.com/folder and then goes to domain.com/folder they would need to login again but would the fact that domain.com/folder is redirecting to newdomain.com/folder have an impact on session security?

What is the best way to achieve the desired outcome?

Community
  • 1
  • 1
bhttoan
  • 2,219
  • 5
  • 35
  • 65
  • This is exactly what the [`ServerAlias`](http://httpd.apache.org/docs/2.2/mod/core.html#serveralias) directive is for. – DaveRandom Jan 02 '13 at 11:47

2 Answers2

2

You can use 'P' (stands for proxypass)as flag instead of 'R=301' :

RewriteCond %{HTTP_HOST} !^(www\.)?domain\.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [P,L]

Also change the virtual hosts to single one :

NameVirtualHost *

<VirtualHost *>
    ServerName domain.com
    ServerAlias www.domain.com newdomain.com www.newdomain.com
    DocumentRoot /home/domain/public_html/folder
</VirtualHost>
René Höhle
  • 24,401
  • 22
  • 66
  • 73
Ratish Ravindran
  • 151
  • 4
0

vhost configuration

The above configuration snippet simply sets up two virtualHosts in Apache. Each of them point to the same documentRoot - this is the folder which will be the websites root folder. No redirection in place. Vhosts are the correct solution.

EDIT1 If you want to generally use the same files for all vhosts but with single exceptions you can either rewrite the request using mod_rewrite or mod_alias in each of your vhosts

e.g. domain.com/favicon.ico could be read from document_root/specific/domain.com/favicon.ico

SSL certificates

Unless your customers share a domain using subdomains you will need a SSL certificate for each vhost. In case they just get a subdomain, you can buy one wildcard certificate *.yourdomain.com

The problem with several domains is, that you need one IP per vhost in order to use different SSL certificates: How can I setup different SSL-Certificates for vhosts on Apache?

Sessions

Your application will need to check the domain. A cookie is set for a specific domain but the client could just "move" the session to another domain by manipulating the cookie. Anyway I don't think you want to allow all users on all domains, so a check will be required at the credential checking already. In addition you can save the domain into the session and terminate the session when the domain changes

session_start();
if ( user_authorized_with_credentials_and_domain ) {
     $_SESSION['sess_domain'] = $_SERVER['HTTP_HOST'];
}

On later requests you can compare

if ( $_SESSION['sess_domain'] !== $_SERVER['HTTP_HOST'] ) {
    session_destroy();
    // redirect to login
}
Community
  • 1
  • 1
Michel Feldheim
  • 16,339
  • 5
  • 53
  • 77
  • So can I use "ServerName newdomain.com/folder" or will it only work on the whole domain? i.e. I would like root to show content in the local domain and folder to show the domain.com/folder content – bhttoan Jan 02 '13 at 12:02
  • Er.. would you mind reading the link about vhosts? `ServerName domain.com` would make all request coming in on `domain.com` read from your specified folder. This can be requests like `/` or `/i/love/cookies.html`, if this exists in your folder. – Michel Feldheim Jan 02 '13 at 12:09
  • That is what I suspected - I need the user to be able to view newdomain.com/login.php served from the local domain and only use domain.com/folder when they are directed to /folder. If I read the link correctly then I cannot do this with vhosts as it is all or nothing i.e. newdomain.com/login.php would actually use domain.com/login.php which is not what I need – bhttoan Jan 02 '13 at 12:18