Can I associate a single custom domain name with multiple organizations (same account) #bluemix - ibm-cloud

I have a single bluemix account for our company, serving multiple BUs, which each have their own organization in bluemix.
Each organization provides sites and services and we want all applications to be available on the same common domain name.
Can I re-use the same custom domain name in multiple organizations in bluemix? For each application I will assign a unique subdomain of course.
Or is this bad practice? Should I rather create a single organization and multiple spaces, one for each BU, instead? (Which would of course eliminate the problem - perhaps I have the answer!).

Yes, you should be able to do cf share-private-domain OTHER_ORG MY_CUSTOM_DOMAIN. This is a general feature of open-source Cloud Foundry, so it should work on Bluemix as well, but you should try it out to be certain.

Related

Multiple Roles with single Large Application vs Multiple Application REST API same database

Let's say we are building an e-commerce application for web and mobile using a REST API with Admin, Merchant and Customer roles, using Laravel/Lumen.
Is it good practice to have a separate application for each role with a single database?
One application will usually suffice. It is usually best practice to have a single API (or a single set of microservices) where endpoints enforce your security policies for each role - rather than separate services for each role. This is more maintainable because these services typically share a lot of logic.
On the front end, it may be a different story. You might want a separate Admin app that has such different functionality that it makes sense to build it separately.

Can a single PKI be associated with multiple Certificate policies?

I have an internal PKI which issues certificates for two types of end entities. The first is a group of IoT devices and the second is for a few web applications. The subject name of the former will be an X.500 DN, whereas the latter contains the DNS address of the web application. How does an application (relying party) validate the use (IoT device or web application) of the target certificate? One way is to use initial-permitted-subtrees (refer to RFC 5280) with empty name types. Another way I thought of is to create two different policies for the two certificate types and use user-initial-policy-set as a filter. But is it valid to have two different policies for one PKI? Which of the above two ways is more meaningful? Are there any efficient methods apart from these?

Emulating tenants using roles

We are developing a Keycloak (5.0.0) based solution where our clients can create their account with us and manage their own users - and only their users.
Initially we thought that we could use realms for this. Every client gets their own realm. After initial testing we deemed it might not be a good solution, as after creating ~500 realms the application becomes unresponsive (https://issues.jboss.org/browse/KEYCLOAK-4593).
We decided to try using Groups to emulate a tenant. Our objective is to create, during an external process (Keycloak REST API), a group with an admin user.
We currently can't find a way to restrict this administrator to managing only their own group (creating subgroups, managing users, and giving them roles).
I've noticed several emails mentioning these features but I fail to find actual examples to make this work.
http://lists.jboss.org/pipermail/keycloak-user/2017-June/010882.html
http://lists.jboss.org/pipermail/keycloak-dev/2017-June/009496.html
The second link shows exactly what we would like to achieve.
The current alternative I can see is to implement a facade (client or separate web app) which would restrict visibility of and access to other groups.
Are there other alternatives?

Using a CNAME with Shared Windows Azure Website

I've been following instructions on the Azure site to add a CNAME to point to my Azure website. I have had some problems getting it to work and there seems to be some contradictory information in some of the posts.
I have my website running in "Shared" mode, which according to the Azure instructions supports custom domains and indeed it seems to allow me to manage domains. But some posts seem to indicate that I have to run in reserved mode. Can anyone confirm this?
Also, some posts seem to indicate that I need to add the CNAME in the Azure management portal, but I cannot find where this is. Any help appreciated.
I don't really understand A records and CNAMEs that well. My DNS provider allows me to add both. Do I need to change both? Currently my A record points the "root" to the IP address that Azure gives me and the CNAME points www.mydomain to the Azure website host mysite.azurewebsites.net. I have left them for a while to propagate and nothing seems to happen.
The notion of FREE, SHARED and RESERVED website categories is very recent; Microsoft launched it just 2 days ago. Earlier it used to be either FREE or RESERVED. You got to attach a custom domain name only for a reserved instance.
With the new low-cost shared option, you get to attach a custom domain but it will still be in the shared pool of Azure Websites. It works out around $9.36 a month.
The reason for the contradictory info in the posts is the new features. In short, you can use both SHARED and RESERVED for attaching a custom domain. With shared it is a little cheaper, provided you are fine with your website being served from the shared pool.
Just go to the SCALE tab and make your website instance SHARED instead of the default free, and then go to the Configure tab to put in your CNAME.
DNS management is handled differently by different domain or hosting providers. There are three places these changes can be performed (maybe more):
cPanel
domain management panel
WHM panel
If you have only taken a domain, most probably your domain provider will send you a URL in which a "manage DNS" option will be there.
If your site is already hosted then you might have to do it in cPanel or WHM.
So better call your domain hosting provider for the exact steps. It saves a lot of time.

Building a webportal which will be rented to customers. Need an Architecture Suggestion

I am building a web portal which will be rented to customers on a hosted model (SaaS), where they will be using the entire portal's features on their own domains with their own branding.
Now I don't want them to get the files of my web portal, but still be able to use a custom-branded portal.
One solution which someone suggested here was to host the branded version on my server and call it via an iframe on the customer's domain. However, I didn't like the idea very much.
A second approach which I researched and found was to host the portal on a fresh IP on my server and ask the customer to point his domain to that IP.
The web portal will be sold to a lot of customers and they all will have separate user interfaces and brandings, so this is needed.
Please tell me what you think about my approach, or if you guys have a better idea in mind please pour in your suggestions.
iFrames are evil.
With that said I would probably go with a subdomain approach. They add a subdomain like webportal.somecompany.com that points to you and have your webserver route them to the correct hosted instance of your application based on subdomain. That way their www.somecompany.com still goes to their website.
We're running a SAAS application that supports branding, and we do it by dynamically serving up CSS. If all of your customers have a unique domain name pointed at your server, you could select your CSS files by domain name: If a customer logs in at "http://portal.customer.com/login", you can have his HTML link to the file "/stylesheets/portal.customer.com.css", and so forth. Alternatively, you can create a subdomain for each of your customers, and point them all at your master server, using very similar code to pick the CSS.
This lets you have a single IP address for all customers (and only as many servers as you need to support all your customers behind that IP address), instead of one IP address / server per customer - should save on hosting costs!
(NOTE: I'm leaning toward the subdomain approach, the more I think about it. If you're using HTTPS, it would let you use a single "*.yourdomain.com" certificate, rather than trying to mess with separate certificates for each client domain.)
You don't need to run different IPs for different customers. HTTP 1.1 supports the Host: header, like so:
GET / HTTP/1.1
Host: example.com
This is how most shared hosts work. When a customer sets up their DNS records to point at your server/load balancer, the incoming requests will have your client's hostname in the headers. Whether you set up virtual hosts in say Apache or do it at the application level is up to you.
Please for your own sake don't do iframes. There's a lot of information on the web on architecture for multi tenant applications.
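An application-level version of this Host-based routing, as an added example (not code from any poster in this thread): it normalizes the Host header, rejects anything that is not a plain DNS hostname, looks the host up in a tenant table with no fallback tenant, and picks the branding stylesheet by tenant id rather than by raw hostname, so the header can never be turned into a file path. The tenant names and domains are constructed for illustration.

```python
"""Host-header based tenant routing for a multi-tenant portal (added example).

Assumed (constructed) setup: a tenant table keyed by hostname, covering both
customer-owned custom domains and provider subdomains, and stylesheets stored
under /stylesheets/<tenant-id>.css rather than /stylesheets/<hostname>.css.
"""
import re

# Constructed tenant table: custom domains and provider subdomains map to tenant ids.
TENANTS = {
    "portal.customer-a.example": "acme",
    "acme.portal.example": "acme",
    "widgets.portal.example": "widgets",
}

# A plain DNS hostname: labels of letters, digits and hyphens, joined by dots.
_HOSTNAME_RE = re.compile(
    r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$"
)


def normalize_host(host_header):
    """Lowercase, strip an explicit port and a trailing dot, and return None for
    anything that is not a plain hostname (slashes, spaces, IPv6 literals, ...)."""
    if host_header is None:
        return None
    host = host_header.strip().lower().rstrip(".")
    if not host.startswith("[") and ":" in host:   # drop ":port"
        host = host.split(":", 1)[0]
    if len(host) > 253 or not _HOSTNAME_RE.match(host):
        return None
    return host


def resolve_tenant(host_header, tenants=TENANTS):
    """Return the tenant id for a request's Host header, or None when the host is
    unknown. Deliberately no default tenant: serving a fallback site for unknown
    hosts is what makes a spoofed Host header useful to an attacker."""
    host = normalize_host(host_header)
    if host is None:
        return None
    return tenants.get(host)


def stylesheet_path(tenant_id):
    """Select the branding stylesheet by tenant id, never by the raw hostname."""
    if not re.fullmatch(r"[a-z0-9-]{1,32}", tenant_id):
        raise ValueError("invalid tenant id")
    return "/stylesheets/%s.css" % tenant_id
```

A request whose Host does not resolve to a tenant should get a 404 (or a redirect to the provider's own site), not the first virtual host in the configuration.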
My experience is that in such a scenario your customers will come up with any possible web UI requirement you can imagine. Therefore it is rather difficult to build a web UI framework that can accommodate all the needs; in fact this would rather be a content management system.
Furthermore, for building the web UI, you may meet any combination of customer in-house development, a 3rd party web agency, or a request to get it developed by yourself.
In such situations I have had good experiences with offering the SaaS as actual web services, allowing custom-developed portals to run on top. With this, anybody can build the actual portal with the client's look and feel. You could offer development and hosting as an option.