>From: Justin Georgeson [mailto:[EMAIL PROTECTED]] > >I have Apache 1.3.17 with mod_ssl. I'm not a real proficient apache >admin just yet, so forgive my if I unintentionally omit some crucial >point, or use the wrong nomenclature. :) I have a vhost which I would >like to add an SSL enabled subdirectory to. > >http://my.host.com/dir1 >https://my.host.com/dir2 > >Maybe even have http://my.host.com/dir2 redirect to >https://my.host.com/dir2. But I have no clue how to do it. I tried >adding the SSL directives to the <Directory>, but that totally didn't >work. (apache wouldn't start), but moving the directives >outside of that made the whole vhost SSL, and screwed up other things >that it's already doing.
Congratulations, you've already done the hard part of installing mod_ssl and getting it running with certs and so on. All you need now is to set up your configuration and that is easy once you get the hang of it. The main thing to realise is that HTTPS requests come in on a different port (usually 443) from normal HTTP traffic which uses port 80. Therefore, the simplest thing to do is to create a new port-based virtual host for SSL stuff. Indeed, most SSL directives only work in a virtualhost context (i.e. you can't make them apply in a directory context). Rather than having an SSL subdirectory of your main site, I would recommend you create a separate SSL VH. Start off with the simplest implementation which is something like this: # Define the normal HTTP service on port 80 <VirtualHost 192.168.0.1:80> DocumentRoot /home/www/html ...etc. </VirtualHost> # Define the SSL service on port 443 <VirtualHost 192.168.0.1:443> DocumentRoot /home/www/html/dir1 SSLEngine on ...rest of SSL directives ...etc. </VirtualHost> Now, a request to https://my.host.com/ will go straight to /home/www/html/dir1 under SSL, while http://my.host.com/ will continue to serve /home/www/html on plain HTTP. There are a couple of snags with this configuration which you'd need to tidy up: - In the scheme above, /home/www/html/dir1 is still accessible from plain HTTP. A rough-n-ready redirect will help matters (put inside the HTTP-VH): Redirect /dir1 https://my.host.com/ - for belt-and-braces, force SSL-only in this directory (put inside the HTTP-VH): <Directory /home/www/html/dir1> SSLRequireSSL </Directory> - Be careful also with including things like images in SSL pages if the images are in a non-ssl directory. The browser will usually complain that some of the context is insecure and the user will get a lot of annoying pop-ups. To guard against this, symbolically link the images directory into the SSL directory and then reference it there. E.g. If you have /home/www/html/images, then in /home/www/html/dir1 do: $ ln -s ../images images and then in your dir1 pages do: <img src="/images/mypict.gif"> so that the images look like they are under the SSL document root. This recipe will get you started with SSL. Once you have it running, you can start to play around with other configurations. What you originally requested is possibel, but requires imaginative use of mod_rewrite which is not something you'd want to do on your first apache config :-) Rgds, Owen Boyle. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
