security ruby-on-rails-4 nginx subdomain unicorn

Is it a good practice to use variable subdomains?


I have a web page, and now I've thought of adding subdomains so as to have more readable URLs.

For example, if my main page is www.myshop.com, add:

product1.myshop.com
category1.myshop.com
etc...

It is hosted on Digital Ocean, and is running under Ubuntu, nginx, unicorn, and a PostgreSQL database, developed with Ruby on Rails.

Once I had read the docs about subdomains, I realized that I can have variable subdomains. What I've tried is:

1) Add an "A" record with * in the domain configuration of Digital Ocean

2) Modify the nginx configuration file, adding a new line as I did for the "www" subdomain, but with " * "

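server {
   listen 80;
   server_name myshop.com;
   # Redirect the bare domain to the www host
   return 301 $scheme://www.myshop.com$request_uri;

   # NEW LINE --->
   # nginx acts on the first "return" above, so this line is never reached;
   # "*" in a return URL is a literal character, not a wildcard.
   return 301 $scheme://*.myshop.com$request_uri;
}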

After that, within the Ruby on Rails program, catching anything (category, product name, etc. as subdomains) before myshop.com is easy, and there I could redirect to category web pages or product web pages, or whatever, automatically!

So, for example, if the user types wheels.myshop.com I will redirect to www.myshop.com/categories/wheels

(of course, the great thing is that wheels is a value in a table)

without the need to register the names of the subdomains in Digital Ocean or in the nginx configuration file.

But it seems too easy to be true... :/

Is this not secure? Is it a bad practice?

Thanks a lot, (stackoverflow: very good web and very good users)


Solution

  • No, there is no inherent risk in using subdomains as opposed to using paths to direct a request. It all depends upon how you have your code organized, what tools you are using, how different teams that work on the site are organized, etc.

    In both cases, you would require robust authentication and authorization.

    Typically subdomains are useful when you have two distinct websites on the same domain. For example, wordpress.com uses subdomains for each of the users that has a site on wordpress.com. If I were to set up a site there, it would be saq7.wordpress.com.

    However, they could also choose to use paths to route to different websites of different users: www.wordpress.com/saq7.

    It's a choice you get to make as an engineer, with the criteria being

    • Elegance of the url itself
    • organization of your code
    • organization of your team
    • whether you like oranges or apples...
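
Added example, not part of the original question or answer: one way the Rails side could turn a wildcard subdomain into the category redirect described in the question, looking the label up in an allow-list and always redirecting to a fixed host rather than echoing the Host header. The constant and method names and the in-memory slug set (standing in for the categories table) are assumptions.

```ruby
require "set"

# Assumed names, not from the page: BASE_DOMAIN, CANONICAL_HOST, RESERVED,
# CATEGORY_SLUGS (stands in for the categories table), category_redirect_for.
BASE_DOMAIN    = "myshop.com"
CANONICAL_HOST = "www.myshop.com"
CATEGORY_SLUGS = Set.new(%w[wheels tyres brakes]).freeze # constructed sample data
RESERVED       = Set.new(%w[www admin api mail]).freeze  # never treated as categories
LABEL          = /\A[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/

# Returns the redirect URL for a wildcard-subdomain request, or nil when the
# Host header does not name a known category (the caller should answer 404).
def category_redirect_for(host_header, scheme: "https")
  return nil unless host_header.is_a?(String)
  return nil unless %w[http https].include?(scheme)

  host = host_header.strip.downcase
  host = host.sub(/:\d{1,5}\z/, "") # drop an optional port
  host = host.chomp(".")            # drop the trailing dot of an FQDN

  # The host must end in exactly ".myshop.com"; this rejects look-alikes such
  # as "wheels.myshop.com.evil.example" and "wheelsmyshop.com".
  suffix = ".#{BASE_DOMAIN}"
  return nil unless host.end_with?(suffix)
  label = host[0...-suffix.length]

  # One DNS label only: no dots, no characters that could alter the URL.
  return nil unless LABEL.match?(label)
  return nil if RESERVED.include?(label)

  # Allow-list lookup: only values already in the table produce a redirect.
  return nil unless CATEGORY_SLUGS.include?(label)

  # The target host is a constant; only the vetted slug comes from the request.
  "#{scheme}://#{CANONICAL_HOST}/categories/#{label}"
end
```

With a wildcard DNS record every possible label resolves, so a nil result (unknown or malformed label) should become a 404 rather than a redirect built from the request.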