Domain names for production / development server best practice - development-environment

Ok so I have a number of CMSs and eCommerce applications, that require the correct URL (otherwise the links will not work). Of course in my development server, the domain name cannot be the same as the production server... do you guys just do an edit/replace on all files and edit the mysql entries before pushing the development to production server environment? Or is there a better way to do this?

You could just place everything in a directory with a random hex or other valid characters as the name like:
yourdomain.com/XHTEDD12222-112KJK
You might also want to include an entry in your robots.txt file to exclude this directory. This isn't 100% safe, and it is best to use a local server or access the site via IPv6. IPv6 is suggested over IPv4 for security with crawlers. Anything you put up publicly isn't exactly safe.
Once you change the name with one of the above options, you could just refactor your project with the name change. If you go with IP and or local server, you can refactor to that number and it should still work.
You may also look into editing host files to achieve a similar workaround without redirecting DNS servers to point at your development server, but this is OS dependent. Comment your OS and I might be able to help with that.
Lastly, for security, you could include a PHP wrapper for all of your pages that look for a specific IP address in $_SERVER['REMOTE_ADDR'] global variable, but this could get really complicated to implement and I'm unaware of any currently available components that do this.

Related

How to create a friendly url in Tomcat?

I want to modify my application URL from //localhost:8080/monitor/index.html to just monitor , so that on putting monitor on browser, my application should open. Is there a way to achieve this, can someone suggest the configuration changes which will be required for this.
Can I map my short URL to the existing one may be somewhere in web.xml. I am not sure about the approach any suggestions will be great.
Thanks and regards
Deb
You're mixing up several different protocol layers in your question.
If you just enter nothing but "monitor" in the browser URL bar the browser is going to first lookup "monitor" in DNS and finding nothing it will then probably send a query to Google or your configured search engine. In the past browsers have taken other steps, such as appending ".com" and prepending "www." but I don't think modern browsers do that any more.
So far, your server is not even remotely involved.
If you're a large ISP user (TimeWarner, Comcast) and use their DNS it's also possible the ISP will intercept your failed DNS lookup and route the request to a "helpful" search page (i.e. SPAM) of their own.
At this point the request is still nowhere near your server.
I suppose you could mess with the /etc/hosts file on your local system to resolve "monitor" to the proper hostname, but that's an extremely brittle solution that has to be hard coded on each machine you want to have this "shortcut" link (and which breaks when the hostname changes).
You're much better off just setting up a web shortcut in your browser that points to the right place.

What's the directory structure should be for multiple domains under a single user? (apache)

I have an account on some VPS(friend's apache server with cPanel) and there I have one public_html directory.
We have in there about 5-6 websites:
/home/myusername/public_html/domain-1.name/index.php
/home/myusername/public_html/domain-2.name/index.php
but I don't like this way, I'd like to orginise it better and be able to separate and isolate some stuff for each website.
So what if I create like that:
/home/myusername/websites/domain-1.name/public_html/index.php
/home/myusername/websites/domain-2.name/public_html/index.php and so on
Would it be a correct way of structurising web directories?
And would apache work like that?
Perhaps there are out there some other conventions or common workarounds?
Thanks
This is perfectly fine. In fact I'd highly recommend against using the domain folder as the document root as typical web application will also contain data that is not publically accessable (e.g. configuration files, management scripts, version control files, etc.)
Personally I prefer the name htdocs and I keep my sites under /srv/http
For example:
/srv/http/user1/domain1/htdocs/
/srv/http/user1/domain2/htdocs/
/srv/http/user1/domain3/htdocs/
/srv/http/user2/domain4/htdocs/
/srv/http/user3/domain5/htdocs/
That way you can set the DocumentRoot to the htdocs directory and put other stuff that is not meant to be delivered by the web server in a different sub directory of the domain directory.
Ok, I want just to conclude and to outline the way I went with.
Thanks to #bikeshedder for ideas!
So having a single account(none-root) /home/myusername/ under linux VPS server, I didn't want to abstract completely from existent directory structure, but at the same time I wanted to create proper environment to isolate and separate clients and their spaces.
Main goals were:
* The new directory structure should help to keep all files and folders in a nice and clear order.
* Easy to navigate and browse.
* Each developer or client would have access only to their space.
The structure:
/home/myusername/http/client-1/domain-1/public_html/index.php
/home/myusername/http/client-1/domain-1/resources/
/home/myusername/http/client-1/domain-1/configuration.php
/home/myusername/http/client-1/domain-2/public_html/index.php
/home/myusername/http/client-1/client's_resource_dir/
/home/myusername/http/client-2/domain-3/public_html/index.php
/home/myusername/http/client-2/domain-3/subdomain/public_html/index.php
As result:
* We have isolated client's space and isolated domain space. That makes enough room for any type of web projects.
* Files and dirs are not mixed up with other projects, domains and clients anymore.
* For subdomain paths it can be
- as subdirectories /domain-3.name/subdomain/public_html/
- or additional subdomain directory /subdomain.domain-3.name/public_html/depending on requirements or size of subdomain website.
* Public_html is going to be a DocumentRoot for each website.
I did not go for srv/ and var/www dirs, cuz to me it sounds like server in the server and also I don't feel variable data var/ in current setup falls under web stuff.
Though it may make sense for our coming soon local web/file sharing server
But here now I have another question:
How would I specify new path to be a default one for cPanel? and only for my user?
Cuz now there is going to be multiple DocumentRoot directories in one user space.
Is that possible by Apache design?
I better create new question :) And then will edit my question with answer
Any suggestion welcome!
Normally go with this once hosting from 5-30++ sites, depending on complexity of content, traffic, perceived future migration strategies to more dedicated virtual or bare metal servers/instances.
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/index.<html|php|jsp|aspx|what-not>
/<node-serial-or-hostname-or-domain>/<#|subdomain|www|others>/assets/...

Strange domains in mod_pagespeed cache folder

About a year ago I have installed mod_pagespeed on my VPS server, set it up and left it running. Recently I was exploring files on my server, went to pagespeed cache folder and discovered some strange folders.
All folders usually named this way ,2Fwww.mydomain.com or ,2F111.111.111.111 for IP addresses. I was surprised to see some domains that does not belong to me, like:
24x7-allrequestsallowed.com
allrequestsallowed.com
m.odnoklassniki.ru
www.fbi.gov
www.securitylab.ru
It looks like something dodgy is going on, was my server compromised, is there any reasonable explanation?
That does look peculiar. Everything in the cache folder should be files that mod_pagespeed tried to rewrite. There are two ways that I know of that this can happen:
1) You reference some third-party resource (say an image from another domain, or google analytics script) and you have explicitly enabled rewriting of that domain with ModPagespeedDomain www.example.com or ModPagespeedDomain *.
2) If your server accepts HTTP requests with invalid Host headers. Try (for example) wget --header="Host: www.fbi.gov" www.yourdomain.com/foo/bar.html. If your server accepts requests like that it may be providing mod_pagespeed with an incorrect base domain, and then subresources would be fetched from the same domain (so if www.yourdomain.com/foo/bar.html references some.jpeg, and your server accepts invalid host headers, we could fetch www.fbi.gov/foo/some.jpeg as the resource). There was a recent security release that makes sure all of these subrequests are done against localhost (not arbitrary third-party websites). Please see: https://developers.google.com/speed/docs/mod_pagespeed/CVE-2012-4001
You might want to look through these folders and see what specific resources are in there. I think that the biggest concern you should have is that someone might be trying to perform an XSS attack on your users or maybe a DDoS attack against another website (like www.fbi.gov), using your server as one vector. I do not think that these folders are indicative that your server itself is compromised.
If you would like to discuss this more, https://groups.google.com/forum/?fromgroups#!forum/mod-pagespeed-discuss is a good list to join and email.

Making a localhost apache webserver go live

I have looked all over the internet and I can't a reasonable way to make my web-server running on apache go live with an unique ip and everything. How would i got about making it live and viewable for other people?
Normally you would not do this. You'd buy a hosting account from some provider like GoDaddy, BlueHost, etc. and put your software there, and make it visible that way. Making your localhost server viewable would involve buying a static IP, which is not cost effective for most people.
I suppose it depends on what you mean by "go live" if you need it to host a specific domain name then yes - get a shared hosting account somewhere ~ if you just need access to it and it does not matter what the domain name is, you can use something like DynDNS: http://www.dyndns.com/services/dns/dyndns/
-sean

How to hide distributed servers under a single domain?

I currently host my company's website and blog on separate servers, reached by separate domain names - www.example.com and www.example.net. This is so I can give blog server access to our partners without compromising security on our main server. However, our SEO guy is now demanding that the blog be put on our main server, as www.example.com/blog.
I would like to maintain the current server separation rather than putting both on the same server. Is there any good way to keep them separated, but have them both under a single domain name? A subdomain would also be acceptable (blog.example.com).
My main website server is a Debian box running Apache 2, and I have full root access to it. The blog server is run by Hostgator, and I have limited access.
Edit: Thanks, all. In this particular situation I don't particularly want to transfer the blog again, and I don't have easy access to the DNS records, so i went with mod_proxy and it worked like a charm. I wish I could give you all "preferred answer" status, though, because all of your information was awesome.
A subdomain would be easy: just create an A record in DNS which maps blog.example.com to the IP address of the blog server, and have another A record in DNS which maps www.example.com to the main website server (this latter record probably already exists).
Would the SEO guy be happy with blog.example.com? It's not the same from an SEO perspective, but it might be good enough for him. I work at a company where SEO is at least 1/3 of what we do, and that's our setup: blog.example.com and www.example.com.
You could try to get fancy and proxy requests to /blog to the 2nd server, if you insist on keeping the blog off your box, but I think you can find a secure way to share space. Proxying like that could get annoying, and it basically doubles the latency to your blog.
Give the blog guys an account on your box; don't give them root/special privileges. If you can get away with it, don't even give them SSH access -- just give them a FTP login (make sure they can't access /var/www), and maybe a mysql account or something. (As you can see, this all depends on how much control/power the blog folks demand.)
Then, just make a symlink to the blog root, so they can write to a restricted area like /home/blog/www and still have it included in the website:
ln -s ~blog/www /var/www/blog
If a subdomain is for some reason not a possible way for you to go, you could use Apache's mod_proxy module to proxy requests to /blog to your second server.