Apache SSL Path


(Mark Edworthy) #1

I think I might have mentioned this in a previous post, but I would like to have the ability to be able to split an Apache domain / virtual host so that the non-ssl site is stored on one part of the directory tree and an SSL site is on another path without needing to create further sub domains. (eg. non ssl pointing to /var/www/docs and ssl domain pointing to /var/www/ssl).

I realise that this would involve changing some of the NS templates, but would like to have separate web based services on ports 443 and 80.

Just been considering an option to have a tickbox in the NS UI (Shared folders / web access) to allow an administrator to achieve this


(Davide Principi) #2

Hi @medworthy, I’m not sure I understood the requirements: please correct me!

Should it work like the following?

http://www.example.com =>  /var/www/docs
https://www.example.com => /var/www/ssl

For this scenario, I’d suggest creating an Apache *.conf file under /etc/httpd/conf.d, where DocumentRoot directives point to the two separate ibays.

Could you provide a real use-case example, where this configuration is desired?


(Mark Edworthy) #3

@davidep, yes, the above is what I am aiming for. The first thing I considered was to use a similar technique for creating a new DocumentRoot as you described but noticed that the NS template overwrote my settings when using the NS admin UI.

The obvious example I can provide is based upon an e-commerce site (eg. main content is stored within the non-ssl directory structure and user authentication / shopping cart is on the ssl side – the end-user only needs to remember one URL and doesn’t have to consider any other subdomain addresses).


(Davide Principi) #4

It shouldn’t, outside of /etc/httpd/nethserver.d. Did you put the .conf file under /etc/httpd/conf.d? Does the .conf file name clash with an existing template? My server has the following:

$ grep -l -F "DO NOT MODIFY" /etc/httpd/conf.d/*
/etc/httpd/conf.d/cgp.conf
/etc/httpd/conf.d/collectd-web.conf
/etc/httpd/conf.d/owncloud.conf
/etc/httpd/conf.d/roundcubemail.conf
/etc/httpd/conf.d/SOGo.conf
/etc/httpd/conf.d/ssl.conf

I don’t know if it’s feasible but… if the shopping cart application allows a prefix like cart/ why not use an ibay? i.e.:

http://www.example.com => /var/lib/nethserver/ibay/maincontent
https://www.example.com/cart/ => /var/lib/nethserver/ibay/shoppingcart

:point_up_2: Anyway, I’d still prefer the ad-hoc .conf file above :smile:


(Mark Edworthy) #5

Thanks @davidep, I will look at this later, my main reason for this sort of configuration is so that I can allow general viewing of a non ssl based site via the Internet and only allow users that are using my VPN to access the ssl site (at the moment, I can’t get NS firewall to allow ssl / port 445 to only be accessible via one zone and non-ssl / port 80 to be accessible via another zone).

I still want the user to access both sites using the same URL (http or https depending on if they are accessing the server through the VPN or straight via the Internet).
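
Added example, not part of the original thread and not NethServer's own configuration: a sketch of the ad-hoc .conf file suggested in post #2, with the HTTPS tree limited to VPN clients as described in post #5. It assumes Apache 2.4 syntax with mod_ssl loaded; the file name, certificate paths and VPN subnet (10.8.0.0/24) are placeholders.

```apache
# /etc/httpd/conf.d/zz_split_roots.conf
# Hypothetical file name: choose one that does not match any of the
# template-managed files listed by the grep in post #4.

# Plain HTTP: public content, same host name as the HTTPS site.
# Note: the first <VirtualHost *:80> that is loaded also becomes the
# default for port 80 requests whose Host header matches no ServerName.
<VirtualHost *:80>
    ServerName www.example.com
    DocumentRoot /var/www/docs

    <Directory /var/www/docs>
        Options -Indexes
        AllowOverride None
        Require all granted
    </Directory>
</VirtualHost>

# HTTPS: separate directory tree, same host name.
<VirtualHost *:443>
    ServerName www.example.com
    DocumentRoot /var/www/ssl

    SSLEngine on
    # Placeholder certificate and key paths.
    SSLCertificateFile /etc/pki/tls/certs/example.crt
    SSLCertificateKeyFile /etc/pki/tls/private/example.key

    <Directory /var/www/ssl>
        Options -Indexes
        AllowOverride None
        # Assumed VPN client subnet; every other source address gets 403.
        # Apache 2.2 equivalent: Order deny,allow / Deny from all /
        # Allow from 10.8.0.0/24
        Require ip 10.8.0.0/24
    </Directory>
</VirtualHost>
```

Run `apachectl configtest` before reloading httpd. The `Require ip` rule is enforced by Apache itself, so port 443 stays reachable at the network level and non-VPN clients receive a 403 rather than a dropped connection.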