search

jacobwb / hashover-next

This branch will be HashOver 2.0
GNU Affero General Public License v3.0
420 stars 87 forks source link

multi-site support #299

Open gour opened 3 years ago

gour commented 3 years ago

Hello,

I'm looking for a commenting engine to serve my Hugo-generated static websites. I like that HashOver is written in PHP since I anyway have to use PHP on the server for Matomo analytics, but wonder if single instance of HashOver can serve comments in multiple site?

zimocode commented 3 years ago

YES.

  1. deploy HashOver on comments.example.com
  2. edit backend/classes/sensitivesettings.php, change : 
    public $allowedDomains = array (
        // '*.example.com',
        // '*.example.org',
        // '*.example.net'
);

    TO:

    public $allowedDomains = array (
        'www.site0.com',
        'www.site1.com'
);
  3. now , it works on www.site0.com and www.site1.com.
gour commented 3 years ago

YES.

1. deploy HashOver on comments.example.com

When I tried to do that, I get CORS problem:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hashover.tld.com/backend/comments-ajax.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://demo.tld.com’).

iow. I tried to deploy HashOver at https://hashover.tld.com to serve comments for the https://demo.tld.com site?

I also wonder about the possibility to manage all comments from the single place in regard to #284?

jacobwb commented 3 years ago

@gour What do you have in the $allowedDomains setting? You should only have the domain name. If you are running HashOver on hashover.tld.com the setting should contain the domain demo.tld.com. Alternatively, you can use a wildcard, like *.tld.com, this way it will work from any subdomain. Also, you may have to use the same scheme on both websites. Your error says "http://demo.tld.com" not "https://demo.tld.com", if you are using HTTPS on demo.tld.com you may also have to use HTTPS on hashover.tld.com. Check to make sure you are doing so.

As for managing all comments from a single page, the situation is the same as my response in that issue, it isn't implemented. The current plan is to add a page that uses the Latest Comments API to display the 10 most recent comments from all pages, from there a structural change to how comments are stored may be required in order to display more comments. The moderation needs to be improved altogether, but for now I don't have the time to give proper consideration to a better implementation.

gour commented 3 years ago

@gour What do you have in the $allowedDomains setting?

I've wildcard *.tld.com and using HTTPS everywhere?

As for managing all comments from a single page, the situation is the same as my response in that issue, it isn't implemented.

OK.

jacobwb commented 3 years ago

@gour Is $supportsMultisites also set to true ?

gour commented 3 years ago

@gour Is $supportsMultisites also set to true ?

I've changed it to true, but still get:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hashover.tld.com/backend/comments-ajax.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://demo.tld.com’).

and I'm puzzled why it does complain about http://demo.tld.com since it is supposed to serve via HTTPS only?

Edit: Let me add that the setup where I run Hashover is kind of semi-share hosting where Apache is running behing Ngix acting as reverse proxy, if that does matter for some reason.

jacobwb commented 3 years ago

@gour

Edit: Let me add that the setup where I run Hashover is kind of semi-share hosting where Apache is running behing Ngix acting as reverse proxy, if that does matter for some reason.

This may matter, yes. I actually already have code to handle this, or at least it should, but I haven't seen anyone need it. So, I will commit that code now, please test it. I think this is just a matter of HTTPS not being detected properly because of the proxy.