httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Granvin" <Robert.Gran...@metrostate.edu>
Subject Re: [users@httpd] Mod Rewrite assistance sought (hoped for :-)
Date Tue, 17 Jul 2007 15:44:39 GMT
Unfortunately, no (on the content root).  Basically, the "secure"
(https) portion is a shared subdomain, hence the directory approach.
 
Think of the structure this way:
 
/var/www/site1
/var/www/site2
/var/www/siten
 ....
 
/var/www/secure/
 
\\ Robert J. Granvin                                            
Webmaster
 \\ robert.granvin@metrostate.edu                       Metro State
University ->site1
/var/www/secure/ ->site2
/var/www/secure/ ->siten
...
 
Where the "secure" subdomain has symbolic links to the content root of
each web site (site1, site2... siten).
 
Therefore, each web site has access to a single secure server (low
cost), but has the problem of URLs no longer being valid.
 
a "/foo/bar.html" in site1 has to translate to "/site1/foo/bar.html"
while in the "secure" subdomain in order to render properly, and
http://foo.site.com ends up having to translate to an appropriate URL
also (though translating to a local reference is fine (and preferred
anyways)).
 
The only guarantee that we have is that the URL called will absolutely
begin with http://secure.site.com/site1/[...], for example...
 
My suspicion is that this is a lot easier than it seems on the surface.
 :-)


>>> "Julius Thyssen" <jultus@gmail.com> 7/17/2007 10:21:03 am >>>
On 7/17/07, Robert Granvin <Robert.Granvin@metrostate.edu> wrote:
> Standard web site is at "http://foo.site.com/..." while
> the secure URL is at "https://secure.site.com/foo/..."

So you can't use the same document root for both hosts?
If you need different content, except for some folders,
simply use the Alias directive in httpd.conf.

Alias /images "/var/www/foo/images"

or something.

> (Basically, make sure that local references such as
"/images/blah.gif"
> become "/foo/images/blah.gif" and hard URLs embed the site reference
into
> it... The user will connect to "https://secure.site.com/foo",
> but I need to extract the "foo" to use in the other URLs.)

I'd use a symbolic link for that. So, on the server, if it's
linux/unix:

# ln -s /foo/images /images

or whatever you need for that. To use Rewrite for that is overkill.

If you would like httpS to 'appear' only for secure.site.com,
do something like this in httpd.conf:

NameVirtualHost *:80

<VirtualHost *:80>

ServerName site.com
DocumentRoot /var/www/site.com_doc-root
ServerAlias *.site.com
# this ^^ catches mistyped hostnames, like "ww.site.com"
# and "wwww.site.com", and limits traffic
# by having all calls go to one hostname..

RewriteEngine on
RewriteCond %{HTTP_HOST}  ^secure\.site\.com
RewriteRule ^/(.*)$     https://secure.site.com/$1 [R,L]
RewriteCond $1          =secure
RewriteRule ^/(.*)$     https://secure.site.com/ [R,L]
# this all forces the "secure.site.com" requests to go over SSL.
RewriteCond %{HTTP_HOST}  !^site.com(:80)?$
RewriteRule ^/(.*)        http://site.com/$1 [L,R]
RewriteOptions inherit

</VirtualHost>


and then this - for example - in ssl.conf:


<VirtualHost _default_:443>
DocumentRoot /var/www/secure.site.com_doc-root
ServerName secure.site.com:443

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt
<Files ~ "\.(cgi|shtml|phtml|pl|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/secure.site.com_doc-root">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

-- 
# Julius B. Thyssen

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message