Setting up HTTPS w/subdomain on Apache2
martin.marcher at openforce.com
Sun Dec 10 10:51:10 UTC 2006
Am 10.12.2006 um 07:32 schrieb Anthony Yarusso:
>>> Secure authentication
>>> Secure data transfer
That is what you need SSL for
>>> So far I've learned about Basic Authentication, but it said that the
>>> password is transmitted in plaintext. Then there was Digest, but
>>> data is still unencrypted. The docs recommended using SSL, and
>>> I'm mistaken, HTTP w/SSL = HTTPS. So, I'm hoping to make this
>>> particular directory accessible only with supplying a valid username
>>> and password, and have both the password and the data returned
>>> the connection in encrypted form. The virtual subdomain is a
>>> item primarily.
Authentication would be basic or digest (Personally I'm using basic
since it's - imho - a lot more compatible with clients)
>>> Note: this ONLY needs to apply to a particular directory; I want the
>>> rest of the site accessible normally with unauthenticated http.
From what I know the easiest way would be to have
http://public.example.com <- points to the publicly available part
https://secure.example.com <- holds all stuff that should be encrypted
Something to think of: With a single IP Address it's not possible (at
lost without investing money) to have different SSL Hosts on the same
IP. Apache will use the first SSL Host it finds to do encryption.
This is necessary since the client etablishes the encrypted
communication before even making a request.
So: https:/secure.example.com/part1, https://secure.example.com/part2
- where part1 and part2 could have totally different content.
Just direct your users to the secured subdomain and directory (if you
have the need for more than one), whenever they need to access a
could be done with
If you have only one directory (with only a single directory):
RewriteRule ^/secure https://secure.example.com/ [R]
More secured directories (this will redirect all subdirectories in
public.example.com to https://secure.example.com/$SUBDIRECTORY):
RewriteRule ^/(.+) https://secure.example.com/$1 [R]
Read a bit about some regular expressions how to get the correct
>> I think you could use mod_rewrite to redirect non-https requests to
>> https for the subdomain. I'm not sure what your question is, though,
>> whether it's about how to set up https in general, or force all
>> traffic to use https?
that is the module you need to enable, try a2enmod in a shell or man
a2enmod quite a convenient command...
hope that gives you a starting point
More information about the ubuntu-users