Hello,
The easyest way would be to use ssl in apache only. Then, with the
jk_module, you just need to add a JkMount to jahia in the VirtualHost
where SSLEngine is enabled.
To force using ssl for login processus, you can add folowing rules:
RewriteCond %{SERVER_PORT} 443
RewriteRule
!(/jahia/Jahia/engineName/login(.*))
http://%{HTTP_HOST}%{REQUEST_URI} [R,L,NS]
RewriteCond %{SERVER_PORT} 80
RewriteRule
/jahia/Jahia/engineName/login(.*)
https://%{HTTP_HOST}/jahia/Jahia/engineName/login$1
I think you that can also use %{SERVER_NAME} instead of %{HTTP_HOST}
for the connection to your secure server.
Philippe
At 12.04.2006 20:43, you wrote:
Hi,
We're using Jahia 4.0.5 and a LDAP directory and we wish to
secure the Jahia login process over multiple hosted web sites. We
use apache 2 with name based virtual host as a front end server and
planning to use mod_jk as the communication protocol between apache
and tomcat 4.1.
We are evaluating multiple scenarios and one of them consist of
modifying the login process and url redirection to be generic to all
web site. This way we can use only one certificate. If this is
supported by jahia ? For exemple, redirecting the login process to a
particular hostname on the same jahia instance and returning to the
current site authentified ?
Other scenarios we are investigating are by using a shared ssl
certificate (wildcard), certificate with multiple SubjectAltName,
and ip based certificate.
I'm now wondering if any of you have implemented SSL with Jahia over
multiple hosted domains and what solution you took.
Thanx!
Pascal
-------=[ pvollenweider at jahia dot com ]=---------
Jahia : A collaborative source CMS and Portal Server
www.jahia.org Community and product web site
www.jahia.com Commercial services company
