How to give CNAME forward support to SaaS software

4

11

I have a webapp where users can create their account and use the service. Now I want to give them a custom domain facility where app.customer1web.com points to myservice.com with userid customer1. Once he sets up the custom domain, for the world it looks like my service is running on his machine. Many services like Blogger, wp.com, Tumblr give this feature.

How do I do that? I am using Java to write my web app. How do I map domain name to userid when request comes in?

Duntson answered 10/6, 2009 at 14:16 Comment(0)
22

How do I map domain name to userid when request comes in?

Obviously, you'll have to store that information somewhere, most likely in a database.

  1. Add a database table domains with columns:

    • customerId
    • name
    • active (1 or NULL)
    • challenge

    Add unique key for (name, active) to ensure a domain name is mapped only once.

  2. When a customer attempts to add a domain, add a row with active=NULL and challenge set to a random string.

    Show the random string to the customer and ask them to put up a web page with it on the site or create a dummy DNS record with it to verify domain ownership (this is how Google Apps do it).

    You could verify ownership by sending an email to the administrative contact or in some other way.

  3. When the customer says he did what you instructed them to do in step #2, verify it and set active=1, challenge=NULL.

    If the domain was previously active for some other customer, delete those records or set active=0.

  4. Ask the customer to add a CNAME record for their domain and forward it to your domain, e.g. hosted.myservice.com (Google uses ghs.google.com for Google Apps).

  5. When a request comes in, do

    SELECT customerId FROM domains WHERE name=:requestDomain AND active=1
    

A better way may be to automatically offer your customers a domain in the format of <customername>.myservice.com, in addition to custom domains. This gives you two benefits:

  • Customers who don't want to use their own domain can still customize their login page, e.g. with a company logo.

  • For custom domains, you can ask your customer to forward them to <customername>.myservice.com instead of to a generic hosted.myservice.com.

    This enables you to horizontally partition customers among multiple servers without having to ask customers to change anything on their end. For example, you could give customers an option to choose whether they want their account hosted in EU or US. When they change it, just transfer their data and update <customername>.myservice.com. Their custom domain will work automatically.

To do this, you'd have to set up a wildcard DNS record for *.myservice.com (unless you also need the latter feature, in which case you'll have to manage individual records).

Dredge answered 13/12, 2009 at 11:25 Comment(5)
I think this is a great answer. I learned something, thanks, Jaka! - Tallman
Why do you have to verify domain ownership? If they can add a CNAME, isn't that proof enough? - Repairman
@ChristianDavén You need CNAME verification! Let's use tumblr as an example (which I believe has this problem). Company ABC is going to launch soon. They will launch with blog.ABC.com. Evil company XYZ goes on tumblr and registers the CNAME blog.ABC.com to point to their blog before ABC does. Without verification which blog should it point to? - Armallas
It's a great answer but it should be noted that SSL may be a problem with this setup. - Weepy
@jaka-jančar after doing all this, how can we manage to handle SSL certificate for custom domain? - Vacillation
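
Steps 1 to 5 of the answer above, together with the competing-claim case raised in the comments, as an added example in Python with an in-memory SQLite database (not code from any poster on this page). `fetch_proof` is a hypothetical callable standing in for reading the challenge back from the customer's web page or DNS record, and all customer ids and domain names used with it are constructed.

```python
import secrets
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    # active is 1 or NULL: in SQLite NULLs never collide in a UNIQUE key, so
    # several customers may hold pending claims while only one row is active.
    db.execute("CREATE TABLE domains (customerId TEXT NOT NULL, name TEXT NOT NULL,"
               " active INTEGER, challenge TEXT, UNIQUE (name, active))")
    return db

def normalize_host(host):
    # A Host header may carry a port, mixed case or a trailing dot.
    return host.strip().lower().split(":", 1)[0].rstrip(".")

def request_domain(db, customer_id, name):
    """Step 2: store a pending row (active=NULL) with a random challenge."""
    name = normalize_host(name)
    challenge = secrets.token_urlsafe(24)
    with db:  # replace this customer's earlier pending claim, if any
        db.execute("DELETE FROM domains WHERE customerId=? AND name=?"
                   " AND active IS NULL", (customer_id, name))
        db.execute("INSERT INTO domains VALUES (?, ?, NULL, ?)",
                   (customer_id, name, challenge))
    return challenge

def activate_domain(db, customer_id, name, fetch_proof):
    """Step 3: activate only if the value published on the domain matches."""
    name = normalize_host(name)
    row = db.execute("SELECT challenge FROM domains WHERE customerId=? AND name=?"
                     " AND active IS NULL", (customer_id, name)).fetchone()
    proof = fetch_proof(name) or ""  # hypothetical lookup: web page or DNS record
    if row is None or not secrets.compare_digest(row[0].encode(), proof.encode()):
        return False
    with db:  # one transaction: retire the previous owner, then activate
        db.execute("DELETE FROM domains WHERE name=? AND active=1", (name,))
        db.execute("UPDATE domains SET active=1, challenge=NULL WHERE customerId=?"
                   " AND name=? AND active IS NULL", (customer_id, name))
    return True

def customer_for_host(db, host_header):
    """Step 5: map the request's Host header to a customer id, or None."""
    row = db.execute("SELECT customerId FROM domains WHERE name=? AND active=1",
                     (normalize_host(host_header),)).fetchone()
    return row[0] if row else None
```

A claim by a customer who cannot publish their own challenge on the domain stays pending, so `customer_for_host` keeps returning `None` for that name until the real owner verifies.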
3

One solution you could use is setting up a WildCard DNS Record for your application, and have the application itself check the RequestURI to see what host name the users are coming in on.

I know this is a very vague answer, but it sounds like having the WildCard record set up, with a single function checking the hostname is your best bet. This way, you do not have to set up a DNS record every time a customer signs up, and you have more time to yourself to do other things... like adding new features to your application!

Skyway answered 11/12, 2009 at 18:42 Comment(0)
0

I am not quite sure if I really understand what you would like to do but I try to give you a possible solution (at least for the Java part of your problem).

One possibility would be to set up your application server in a way that every request is handled by one single Servlet (web.xml). This servlet can find out about the request url (HttpServletRequest.getRequestURI) and extract the username. Then you know about the user and can use this information for whatever you would like to do.

Be aware that there is a lot of DNS-stuff involved in what you would like to do! (At least as far as I understand it.)

Potassium answered 10/12, 2009 at 14:31 Comment(0)
0

@jaka's answer is well explained. To add more on to it, if you're using nginx as a LB, it can forward the original hostname using the below configuration.

proxy_set_header Host $host;

If you're using Express (Node.js), you can read hostname (cname) from the request headers. You can do your authorization checks with cname and user cookies.

For the certificate you can go with *.example.com (wildcard).

Hospitium answered 14/6, 2021 at 7:52 Comment(0)
