Multiple Sites with 1 Certificate

Mark_Strickland · February 17, 2015, 4:35pm

I have a need to deploy multiple applications but under the same sub domain name so I don’t have to use multiple certificates. I am using the Abyss Web Server that seems to work pretty well.

Currently I have embedded several apps into the same physical XOJO project and it compiles to a single CGI app. I use a URL parameter to launch to the main home screen for each app. I essentially have a “portal” page with logic to detect this on the URL:
… http://myapp.mydomain.com/?app=x
Where the x = 1 or 2 or 3 (etc.)
Based on the parameter value I will then automatically CLOSE the portal page and SHOW the launching page for the specific application. The certificate is tied to “myapp.mydomain.com”.

If you leave out the parameter or it is invalid then the portal page has a message that explains “If you have landed here then … blah blah”.

Is there a better way to do this and only have one certificate? I am not worried about having to use the URL parameter but after a while the XOJO source will begin to get pretty big and “cluttered” with multiple unrelated applications in the same project.

My environment won’t allow a wild card certificate of *.mydomain.com but would allow a wild card of something like *.portal.mydomain.com. I could then use http://myapp1.portal.mydomain.com, http://myapp2.portal.mydomain.com, etc. Then each app would have it’s own Web Application on Abyss but they would all use the same certificate.

Or is it possible for a CGI XOJO Web app (my portal app) to launch a different compiled CGI file on the same domain based on a URL parameter?

I want to get this right so I don’t end up 6 months from now with something that has become un-managable or one giant app with performance issues.

Mark_Strickland · February 18, 2015, 9:12pm

After some “tinkering” with the URL Rewrite rules I got this to work.

I can do this:
https://myapps.mydomain.com/appone
and
https://myapps.mydomain.com/apptwo

Each one can run a different XOJO Web App via the Rewrite Rules but they both use the same SSL certificate.

Ercole_Gosi · February 19, 2015, 11:15am

great !! could you share with us ?

Thanks

Luciano

Mark_Strickland · February 19, 2015, 4:27pm

As it turned out this was pretty easy so since Luciano asked here are the steps. I use the Abyss Webserver but Apache has similar features.

Setup your Website and add the certificate just as you would normally with your main domain.
Something like https://www.mydomain.com).

Setup a URL re-write rule for EACH different app you need that will “trigger” based on something in the URL. In Abyss and Apache this can be a regular expression.
The URL would be something like https://www.mydomain.com/appone
The match in this example would be “appone”.

Setup additional re-write rules for each different app.
Something like https://www.mydomain.com/apptwo

Each re-write rule has a setting that if it is matched to stop processing additional rules. The Webserver will cascade through each rule and if it finds a match it will change (re-write) the URL and process it normally.

Each re-write rule has a “redirect to” that can contain the full path to the proper CGI for your desired XOJO app.
Something like https://www.mydomain.com/XOJO_apptwo.cgi
If needed it can even contain parameters like https://www.mydomain.com/XOJO-apptwo.cgi/?parm1=abc&parm2=xyz

In both Abyss and Apache if the original URL had parameters they will be combined with any parameters on the “redirect to” URL.

The XOJO_apptwo.cgi is assumed to be in the same base directory as configured for that Website based how your Webserver is configured. You can name your XOJO app just about anything you want but the URL used by the user can be much simpler. Even https://www.mydomain.com/1 would work.

I discovered one problem. If the redirected URL contains something that matches the regular expression in the rule it will loop and not work as expected. If your regular expression match is looking for “apptwo” anywhere in the URL then “apptwo.cgi” will match “apptwo” and loop replacing it again and again.
URL Example: https://www.mydomain.com/apptwo
URL redirect to: https://www.mydomain.com/apptwo.cgi

The simple fix is to make the regular expression only match the right most end of the URL. If you just type a string of characters to match it will match ANYWHERE in the URL. The other fix would be to make the XOJO app name totally different from anything on the original user supplied URL.

I think the regex to match the right end of the URL in this case would be “apptwo$” (no quotes but trailing $). The $ is the right end of the string anchor. Make sure if you create a fancy regex that it is supported by your Webserver.

Since the redirection is to itself with the same base domain name on the same Webserver the same certificate applies.

This is probably how it has always been done but I had never used re-write rules very much.

I hope this helps somebody if they need it.

Ercole_Gosi · February 20, 2015, 3:37pm

Thanks Mark,
I really appreciate.
I’ll try.

Luciano

Phillip_Zedalis · February 20, 2015, 4:15pm

Glad you got it working Mark. I would note that rewrite at the web server level is a pretty expensive operation. You might be better served by a wildcard cert and just serving apps from different subdomains. This works especially well with standalone apps which also perform much faster than CGI counterparts.

Mark_Strickland · February 27, 2015, 7:35pm

I do understand that the rewrite is a bit server intensive but for now my server load is pretty low (probably only 1-2 concurrent users most of the time and maybe 10 tops when busy).

I also cannot have a first level sub-domain wild card (*.mydomain.com) by policy. This makes *.subdomain.mydomain.com a little more un-friendly.

Just for me and others to better understand, with XOJO, when does the re-write rule get applied. Obviously when the user opens the first page the re-write rule has to find the correct CGI program. If you don’t change pages I assume re-write rules would have no impact. What is un-clear to me is how does XOJO handle a page change in the same CGI?

Phillip_Zedalis · March 2, 2015, 4:41pm

.htaccess files are read each request (at least historically, maybe Apache compares the .htaccess file md5 between requests or something). The user does not just hit the CGI file once and all is good. Every single javascript request is routed through the CGI app. I don’t know off hand if Apache rewrites the HTTP content that is returned to update the URL or if it just looks it up each time. Either way its not optimal but doable with such small number of concurrent users. Just an FYI.

Mark_Strickland1 · March 3, 2015, 5:09pm

It appears that I don’t fully understand how things are working with XOJO. My initial “tinkering” seemed to indicate I could do what I wanted (and yes maybe with a performance penalty) but it really does not work fully.

My results with a re-write rule … If NO server cgi program has ever been launched on the Web Server (like AppOne.exe) then the re-write rule will direct the Webserver to launch the correct CGI (AppOne.exe or AppTwo.exe) based on the re-write rule. BUT if AppOne.exe has been launched then launching AppTwo.exe with the re-write rule gets the “Can’t launch on port xxxx” error.

So back to my original question …

How can I use the same subdomain but launch different XOJO cgi files based on a simplified URL or some URL parameter?

Mark_Strickland1 · March 3, 2015, 5:42pm

OK – More “tinkering”.

If appears that you MUST compile the XOJO app with the actual name of the CGI, EXE, and App Identifier you are going to use. You cannot rename anything or modify the reference in the config.cfg file.

The re-write rule must be an EXTERNAL redirection to the full URL of the CGI you are trying to launch. This of course does NOT hide the URL like an internal redirection.

These two things seem to make it work as expected.