Mobile app version of vmapp.org
Login or Join
Reiling115

: SSL on multiple directories I have a website that is http, but has a port set up for https for a specific directory that is for the shopping cart. Now I'd like to use our SSL on a different

@Reiling115

Posted in: #Apache #Https #Php #Security #Virtualhost

I have a website that is http, but has a port set up for https for a specific directory that is for the shopping cart. Now I'd like to use our SSL on a different directory in the same site as well. How can I go about configuring that?

I have tried looking into all of the config files as well as the docs and cannot figure it out.

I tried setting this in httpd.config as well

<VirtualHost 127.0.0.1:[ssl port]> #also tried *:[ssl port] and [actual IP]:[ssl port]
ServerAdmin shred@me.com
DocumentRoot "C:/path/sslNeededDir"
ServerName example.com </VirtualHost>


hoping that it would cause pages in this directory to use ssl port and become https, but that didn't do anything. Any help is greatly appreciated.

Update: This finally got migrated over. I'm still looking for a solid answer on this. If anyone could help me, it would be greatly appreciated.

10.01% popularity Vote Up Vote Down


Login to follow query

More posts by @Reiling115

1 Comments

Sorted by latest first Latest Oldest Best

 

@Cofer257

To do this with an alias is probably the simplest method. For argument's sake, lets say that this is your current <VirtualHost> for the directory that is served by SSL (known good config lifted off my dev server, if you're interested):

<VirtualHost 11.22.33.44:443>

# Basic vhost config
ServerAdmin administrator@mysite.com
ServerName secure.mysite.com:443

# Directory configuration
DocumentRoot "/WebServer/virtualhosts/secure.mysite.com/htdocs"
<Directory "/WebServer/virtualhosts/secure.mysite.com/htdocs">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# Logging configuration
# Rem: ssl logging format defined in httpd.conf
ErrorLog "/WebServer/virtualhosts/secure.mysite.com/logs/error.log"
CustomLog "/WebServer/virtualhosts/secure.mysite.com/logs/access.log" ssl

# SSL configuration
# Rem: This works properly, fingerpoken ist verboten!
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/var/apache/conf/certs/secure-mysite-com.cert"
SSLCertificateKeyFile "/var/apache/conf/certs/secure-mysite-com.key"
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

</VirtualHost>


As you can (hopefully) see from the above config, when I request the root of the virtual host - i.e. I request secure.mysite.com/ - I will be working with the local directory /WebServer/virtualhosts/secure.mysite.com/htdocs.

As you can also hopefully see, setting up a virtual host properly is not just a trivial case of chucking a couple of ServerName and DocumentRoot directives together, it needs to be carefully tuned to do exactly what you want it to. Most of the time you want host-specific logging, if you are using SSL you need to define some basic behaviours and make sure that information is available to your server side scripts, you need to do the obligatory buggering about writing IE specific code and configuration (grrr...) etc etc etc.

Now let's say I want to serve /WebServer/virtualhosts/secure.someothersite.com/htdocs using the same certificate and host name. First I have to decide how I want to be able to access it - and I decide I want to use the address secure.mysite.com/someothersite/. I could just create a symlink in the original document root and have done with it, but that would be potentially confusing to other people working with the local file system. No, we'll use the aforementioned Alias directive instead.

The basic syntax for this is Alias /url-path /full/file/system/path - so I will need this line:

Alias /someothersite /WebServer/virtualhosts/secure.someothersite.com/htdocs


Note that I did not include the trailing slash on the end of either of the file paths. This is important for usage to be intuitive and behave as you expect. Great - now Apache will know that when I request /someothersite, I actually want to read a directory that isn't really in the document root. And you might think that's it, job done, but wait...

What about that <Directory> section? That only gives access permissions for the directory defined as DocumentRoot, so we'll need another section for our aliased directory. For the sake of argument, let's just copy/paste the original directory section and change the path it applies to:

<Directory "/WebServer/virtualhosts/secure.someothersite.com/htdocs">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>


Now it will work.

Let's have a look at our final configuration:

<VirtualHost 11.22.33.44:443>

# Basic vhost config
ServerAdmin administrator@mysite.com
ServerName secure.mysite.com:443

# Directory configuration
DocumentRoot "/WebServer/virtualhosts/secure.mysite.com/htdocs"
<Directory "/WebServer/virtualhosts/secure.mysite.com/htdocs">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# Alias for /someothersite virtual directory
Alias /someothersite /WebServer/virtualhosts/secure.someothersite.com/htdocs
<Directory "/WebServer/virtualhosts/secure.someothersite.com/htdocs">
Options FollowSymLinks ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>

# Logging configuration
# Rem: ssl logging format defined in httpd.conf
ErrorLog "/WebServer/virtualhosts/secure.mysite.com/logs/error.log"
CustomLog "/WebServer/virtualhosts/secure.mysite.com/logs/access.log" ssl

# SSL configuration
# Rem: This works properly, fingerpoken ist verboten!
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "/var/apache/conf/certs/secure-mysite-com.cert"
SSLCertificateKeyFile "/var/apache/conf/certs/secure-mysite-com.key"
<FilesMatch ".(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/apache/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch ".*MSIE.*"
nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0

</VirtualHost>

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme