SSL installation help

scully

Verified User
Joined
Aug 11, 2004
Messages
5
Location
Australia
Hi all
I'm new to DA, and was hoping I could get some help in terms of the SSL installation and functionality. I have installed the CA cert on the server, as per instructions. However, I note under the "Uploading Files to your Secure Site" section that it states 'All secure files need to be uploaded to the /domains/domain.com/private_html directory.'
What type of files would I need to upload specifically?
The application that I use (PHPAuction) switches between public_html and private_html folders. (when users log on and off) Does this mean that I need to maintain 2 duplicate copies of all site files on both the public and private folders?
If not, is there any way I can enforce it so that users can only view the site through https (ie only be able to access https://www.palmoff.com and not http://www.palmoff.com)
I'm not too sure how to do it, as the site is actually hosted by a web hosting co., and I don't own the server.
Any assistance is greatly appreciated.
Scully
 
scully said:
What type of files would I need to upload specifically?
The application that I use (PHPAuction) switches between public_html and private_html folders. (when users log on and off) Does this mean that I need to maintain 2 duplicate copies of all site files on both the public and private folders?
No you don't have to maintain to completely separate copies.

The purpose of having two separate directories is that your visitors can't view unsecurely sections of your site that should only be viewed securely.

All pages of your site that are access as http:// should be in the public_html directory tree, and all pages of your site that are accessed as https:// should be in your private_html directory tree.
If not, is there any way I can enforce it so that users can only view the site through https (ie only be able to access https://www.palmoff.com and not http://www.palmoff.com)
You can do this. Simply place your entire site in private_html, and in public_html put a rewrite command into an .htaccess file, and nothing else.
I'm not too sure how to do it, as the site is actually hosted by a web hosting co., and I don't own the server.
Any assistance is greatly appreciated.
You won't need any help from your webhost to do it the way I've outlined.

Jeff
 
This way of doing things is problematic with CMS or shopping systems that have both secure and unsecure pages.

You usually browse the site using http and wen you want to login, the url changes to https, but it's the same website. It's impossible to just put a page in the private_html folder, it won't work.
 
Next steps

Thank you both for your feedback.
Olivier, since you think that the previous suggested solution is problematic, could you please recommend a solution?
 
I think a simple symlink should work, but I wish we could chose between having one or two folders for SSL websites.
 
Scully,
A symlink is simply a shortcut and this will work for most applications. In this way you will not have to upload any of your files to the private_htm folder.

To create the symlink you will need the following.

1. Software to connect to your account VIA SSH. I use putty.
Download Here

2. Your web host must have enabled SSH access for your account.

3. Use the following once you are logged in.
(Your login name and password will be the same as your direct admin login.)

Code:
cd /home/username/domains/domain.com 
rm -rf private_html 
ln -s public_html private_html

If you do not have access to your site VIA SSH or you are uncomfortable doing this your self, ask your web host to do it for you.

-Jason
 
Last edited:
Hey,

First line should be:

cd /home/username/domains/domain.com

The "domains" directory was missing... I know cause I missed it as well on another post! :^)

David
 
Thank you guys very much for your help and advice, it's great. I've written to PHPAuction asking them whether the link would be the best option.
Hopefully this will be the fix.
 
Getting rid of the pesky non-secure items popup

Hi guys!

Another question:
How do I prevent the "This page contains both secure and nonsecure items. Do you want to display the nonsecure items?" popup from displaying every time I try to access a page in my site?

Thanks!
 
This is not related to directadmin ;)

In Mozilla, get the page info and go to the links tab. You'll quickly identify whick image or script is not using SSL.
 
There is an easier way to use the public_html folder for both port 80 and 443.

#cd /usr/local/directadmin/data/templates
#cp virtual_host_secure.conf custom
#cd custom
#edit virtual_host_secure.conf

Change the second line to:
|?DOCROOT=`HOME`/domains/`DOMAIN`/public_html|

#echo "action=rewrite&value=httpd" >> /usr/local/directadmin/data/task.queue
 
Hi Olivier,

I tried your method and got this warning:

[warn] NameVirtualHost xx.xx.xx.xxx:443 has no VirtualHosts

I'm hosting a website on that IP that does not utilize ssl...

Any ideas?

Many thanks,

T
 
interfasys said:
This way of doing things is problematic with CMS or shopping systems that have both secure and unsecure pages.

You usually browse the site using http and wen you want to login, the url changes to https, but it's the same website. It's impossible to just put a page in the private_html folder, it won't work.


Is there any more on this? We are having the same problems. Most shopping cart applications do not support a 'private_html'. I dont understand why files have to be in a different 'secure' folder, after all the ssl cert is encrypting the session so I really dont understand why we have this implementation in DA for SSL . What come be done about? I have done a symlink but this means we are having to run the whole site as https:// (rather just for login/checkout pages) in the shopping cart application (CubeCart) we are using on one of our customers sites.


Neil :D
 
DA (and also Plesk) support separate directories for insecure and secure html so site visitors won't accidentally access insecurely pages that should only be accessed securely, and therefore expose credit card information, etc.

Personally, I wouldn't have it any other way.

Do you want the same site to be browsable either securely or insecurely? IIf so, then the best way to do it is with a symbolic link as mentioned previously.

If you want the site to only be browsable securely, then the best way to do it is to place the entire site in the private_html directory, and just place some redirect code in public_html, redirecting to the secure site.

Jeff
 
If you want the site to only be browsable securely, then the best way to do it is to place the entire site in the private_html directory, and just place some redirect code in public_html, redirecting to the secure site.

Jeff


I want to be able to operate the shopping cart properly eg. only switch https when customer is logged into there account and checkout pages. I dont want to run the whole cart site under https. The use of a private_html does not allow this. If I put copies of files both in public_html and private_html this could work but is very iffy way of running a cart. Either that or only put the secure files in private_html etc but then that could also be problematic and required a lot of modification in the cart code which I dont want to do.


Neil :(
 
If you remove the private_html directory and then create a link from private_html directory it will work exactly as you wish.

Unfortunately it will also allow any page to be run insecurely. But so will every system that uses only one directory for both secure and insecure pages.

I haven't seen the cart code, but if it uses "https:" when it switches to secure mode, and http for insecure mode, and doesn't care about paths, then it shouldn't require any changes if you put the secure pages into public_html and the insecure pages into private_html.

Jeff
 
Hello Neil,
I just took a look at your site, and if I am not mistaken then you are using the whois cart? Great looking site by the way.

Ok, I had the same problem with getting the fianal.php page to load securly because of the exact directory stucture that you need to have because of the whois license.

Here is what you will need to do to get it working properly.
See this thread

Note: ( I was using a red hat box at the time, I am not sure if Free BSD will be the same? So if you are using Free BSD, then you should ask John to confirm that it will work the same way.)

Good Luck -Jason

:D
 
jdlitson said:
Hello Neil,
I just took a look at your site, and if I am not mistaken then you are using the whois cart? Great looking site by the way.

Ok, I had the same problem with getting the fianal.php page to load securly because of the exact directory stucture that you need to have because of the whois license.

Here is what you will need to do to get it working properly.
See this thread

Note: ( I was using a red hat box at the time, I am not sure if Free BSD will be the same? So if you are using Free BSD, then you should ask John to confirm that it will work the same way.)

Good Luck -Jason

:D

I followed the John's instructions but it never worked for me so I ended up deleting the private_html and created an symlink named private_html pointing to public_html. It works like a charm this way. I haven't had any problems.

Regards,
Ben
 
Back
Top