Re: Setting up HTTPS w/subdomain on Apache2
- From: Martin Marcher <martin.marcher@xxxxxxxxxxxxx>
- Date: Sun, 10 Dec 2006 11:51:10 +0100
Am 10.12.2006 um 07:32 schrieb Anthony Yarusso:
Secure authentication
Secure data transfer
That is what you need SSL for
So far I've learned about Basic Authentication, but it said that the
password is transmitted in plaintext. Then there was Digest, but
the
data is still unencrypted. The docs recommended using SSL, and
unless
I'm mistaken, HTTP w/SSL = HTTPS. So, I'm hoping to make this
particular directory accessible only with supplying a valid username
and password, and have both the password and the data returned
travel
the connection in encrypted form. The virtual subdomain is a
wishlist
item primarily.
Authentication would be basic or digest (Personally I'm using basic
since it's - imho - a lot more compatible with clients)
Note: this ONLY needs to apply to a particular directory; I want the
rest of the site accessible normally with unauthenticated http.
From what I know the easiest way would be to have
http://public.example.com <- points to the publicly available part
https://secure.example.com <- holds all stuff that should be encrypted
Something to think of: With a single IP Address it's not possible (at
lost without investing money) to have different SSL Hosts on the same
IP. Apache will use the first SSL Host it finds to do encryption.
This is necessary since the client etablishes the encrypted
communication before even making a request.
So: https:/secure.example.com/part1, https://secure.example.com/part2
- where part1 and part2 could have totally different content.
Just direct your users to the secured subdomain and directory (if you
have the need for more than one), whenever they need to access a
secure part.
could be done with
If you have only one directory (with only a single directory):
RewriteEnginge On
RewriteRule ^/secure https://secure.example.com/ [R]
More secured directories (this will redirect all subdirectories in
public.example.com to https://secure.example.com/$SUBDIRECTORY):
RewriteEnginge On
RewriteRule ^/(.+) https://secure.example.com/$1 [R]
Read a bit about some regular expressions how to get the correct
redirection.
I think you could use mod_rewrite to redirect non-https requests to
https for the subdomain. I'm not sure what your question is, though,
whether it's about how to set up https in general, or force all
traffic to use https?
that is the module you need to enable, try a2enmod in a shell or man
a2enmod quite a convenient command...
hope that gives you a starting point
Martin
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
- References:
- Setting up HTTPS w/subdomain on Apache2
- From: Anthony Yarusso
- Re: Setting up HTTPS w/subdomain on Apache2
- From: Todd Slater
- Re: Setting up HTTPS w/subdomain on Apache2
- From: Anthony Yarusso
- Setting up HTTPS w/subdomain on Apache2
- Prev by Date: Re: Setting up HTTPS w/subdomain on Apache2
- Next by Date: Mac Mini as a Server
- Previous by thread: Re: Setting up HTTPS w/subdomain on Apache2
- Next by thread: Re: Browser font sets?
- Index(es):
Relevant Pages
|
