Re: Setting up HTTPS w/subdomain on Apache2
- From: Martin Marcher <martin.marcher@xxxxxxxxxxxxx>
- Date: Sun, 10 Dec 2006 11:50:35 +0100
Am 10.12.2006 um 07:32 schrieb Anthony Yarusso:
Secure data transfer
That is what you need SSL for
So far I've learned about Basic Authentication, but it said that the
password is transmitted in plaintext. Then there was Digest, but
data is still unencrypted. The docs recommended using SSL, and
I'm mistaken, HTTP w/SSL = HTTPS. So, I'm hoping to make this
particular directory accessible only with supplying a valid username
and password, and have both the password and the data returned
the connection in encrypted form. The virtual subdomain is a
Authentication would be basic or digest (Personally I'm using basic
since it's - imho - a lot more compatible with clients)
Note: this ONLY needs to apply to a particular directory; I want the
rest of the site accessible normally with unauthenticated http.
From what I know the easiest way would be to have
http://public.example.com <- points to the publicly available part
https://secure.example.com <- holds all stuff that should be encrypted
Something to think of: With a single IP Address it's not possible (at
lost without investing money) to have different SSL Hosts on the same
IP. Apache will use the first SSL Host it finds to do encryption.
This is necessary since the client etablishes the encrypted
communication before even making a request.
So: https:/secure.example.com/part1, https://secure.example.com/part2
- where part1 and part2 could have totally different content.
Just direct your users to the secured subdomain and directory (if you
have the need for more than one), whenever they need to access a
could be done with
If you have only one directory (with only a single directory):
RewriteRule ^/secure https://secure.example.com/ [R]
More secured directories (this will redirect all subdirectories in
public.example.com to https://secure.example.com/$SUBDIRECTORY):
RewriteRule ^/(.+) https://secure.example.com/$1 [R]
Read a bit about some regular expressions how to get the correct
I think you could use mod_rewrite to redirect non-https requests to
https for the subdomain. I'm not sure what your question is, though,
whether it's about how to set up https in general, or force all
traffic to use https?
that is the module you need to enable, try a2enmod in a shell or man
a2enmod quite a convenient command...
hope that gives you a starting point
ubuntu-users mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
- Prev by Date: Re: Ubuntu on a 486?
- Next by Date: Re: Setting up HTTPS w/subdomain on Apache2
- Previous by thread: Re: Setting up HTTPS w/subdomain on Apache2
- Next by thread: Re: Setting up HTTPS w/subdomain on Apache2