Enabling SSL redirects to the first website using SSL

Discussion in 'Installation/Configuration' started by sjswarts, Dec 3, 2012.

  1. sjswarts

    sjswarts New Member

    (SOLVED) Enabling SSL redirects to the first website using SSL

    Debian 6 Squeeze - ISPConfig 3 - Postfix, Dovecot, Apache2, Bind, Horde 5

    G'day guys,

    I have multiple websites hosted on this VPS. Now I have never had an issue due to nobody ever wanted SSL access on their website. They do now.

    For example I have the following:

    example.com
    example.com.au

    http://example.com goes to the right folder
    https://example.com goes to the same

    http://example.com.au goes to a different but right folder
    https://example.com.au goes to https://example.com

    Now I'm sure that its something to do with mod_rewrite but where I don't even know where to start looking.

    Any help is GREATLY appreciated
     
    Last edited: Dec 4, 2012
  2. till

    till Super Moderator

    The ssl protocol is IP based, so if you share the IP address of a sll site with other non ssl sites, all requests to thes other sites were redirected to the ssl site. So this is normal and not a issue with mod_rewrite.

    There are two options:

    1) Use a dedicated (different) IP address for the ssl site.

    b) Add rewrite rules to the ssl vhost that redirect all https requests that are not for the sl site to the http version of the domain were the requests are for. I dont have a redirect code for this at hand, but I guess you should be able to find one with google or maybe someone else has one already and can post it here.
     
  3. sjswarts

    sjswarts New Member

    Thanks for the response Till,

    So with anyone who hosts on a VPS they need to purchase an external IP for each domain that uses SSL?

    As for the rewrite would have to be added to the default website? In ISPConfig?

    What is the best practice here? Purchase separate IP's?
     
  4. till

    till Super Moderator

    Yes, thats part of the "standard" ssl specification, so its not specific to ispconfig. ISPCOnfig supports also SSL with SNI which is basically a shared ssl for namebased vhosts, but sni works only with latest web browsers, especially older Internet Exploerer versions cause problems. To prevent the above if you would use sbi would require to add a default ssl host similar to the default vhost for http.

    It has to be added in the website which has ssl enabled.

    The easiest and cleanest solution wold be to purchase a separate IP address for the ssl site. But the other approach with the rewrite rules might work as well for you, I guess it mostly depends on the prices for IP addresses that you get charged.
     
  5. till

    till Super Moderator

    Yes, thats part of the "standard" ssl specification, so its not specific to ispconfig. ISPConfig supports also SSL with SNI which is basically a shared ssl for namebased vhosts, but sni works only with latest web browsers, especially older Internet Exploerer versions cause problems. To prevent the above if you would use sni would require to add a default ssl host similar to the default vhost for http.

    It has to be added in the website which has ssl enabled.

    The easiest and cleanest solution wold be to purchase a separate IP address for the ssl site. But the other approach with the rewrite rules might work as well for you, I guess it mostly depends on the prices for IP addresses that you get charged.
     
    Last edited: Dec 4, 2012
  6. sjswarts

    sjswarts New Member

    Is there a way to mark threads as solved ?? this will help people searching the forums.
     

Share This Page