Setting up HTTPS w/subdomain on Apache2

[Todd Slater]

On 12/9/06, Anthony Yarusso <tonyyarusso at earthlink.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm working on reading through Apache documentation, but the going is
> slow, so if anybody would like to kickstart me or give pointers that
> would be fabulous.
>
> I'm trying to set up the following:
> https://subdomain.host.com/, which points to a directory on the same
> physical machine (/var/www/subdomain say), with the following
> characteristics:
>
> Secure authentication
> Secure data transfer
>
> So far I've learned about Basic Authentication, but it said that the
> password is transmitted in plaintext.  Then there was Digest, but the
> data is still unencrypted.  The docs recommended using SSL, and unless
> I'm mistaken, HTTP w/SSL = HTTPS.  So, I'm hoping to make this
> particular directory accessible only with supplying a valid username
> and password, and have both the password and the data returned travel
> the connection in encrypted form.  The virtual subdomain is a wishlist
> item primarily.
>
> Note: this ONLY needs to apply to a particular directory; I want the
> rest of the site accessible normally with unauthenticated http.
>
> Any tips?

I think you could use mod_rewrite to redirect non-https requests to
https for the subdomain. I'm not sure what your question is, though,
whether it's about how to set up https in general, or force all
traffic to use https?

Todd