SSL reverse proxy related

falconix
14 September 2013, 13:15
How to use SSL / Non-SSL with same domain

My configuration example (Hiawatha):
VirtualHost {
Hostname = example.org, www.example.org
WebsiteRoot = /data/www/example
StartFile = index.php, index.html
ReverseProxy ^/.* http://192.168.0.102:7080/
ReverseProxy ^/.* https://192.168.0.100:7443/
SSLcertFile = /home/user/etc/ssl/example.org.pem
}

The problem is that right now it only partially works (it shows the SSL cert but points to the Apache backend at port 7080 instead of 7443).

My structure:

/home/user/public_html <- apache port 7080
/home/user/private_html <- apache port 7443

Hiawatha version: 9.2
Operating System: FreeBSD 8.3
Hugo Leisink
15 September 2013, 12:13
An important difference with Apache is that in Apache, you can have different websites for the HTTP and for the HTTPS interface. In Hiawatha, you specify a virtual host without the binding and therefore it will be the same website for both HTTP and HTTPS. In Hiawatha, if you want a different website, use a different hostname. The binding (HTTP or HTTPS) has nothing to do with it. Hope this helps you to solve your issue.
falconix
17 September 2013, 04:33
Thanks, so technically it's not possible? So the only way is by assigning a different hostname for HTTP and HTTPS.

Like this example?

HTTP
VirtualHost {
Hostname = example.org, www.example.org
WebsiteRoot = /data/www/example
StartFile = index.php, index.html
ReverseProxy ^/.* http://192.168.0.100:7080/
}

HTTPS
VirtualHost {
Hostname = ssl.example.org, www.ssl.example.org
WebsiteRoot = /data/www/example
StartFile = index.php, index.html
ReverseProxy ^/.* https://192.168.0.100:7443/
SSLcertFile = /home/user/etc/ssl/example.org.pem
}

*notes*
I've read about the BIND option in Hiawatha, but it's still not clear to me how it works. Thanks.
Hugo Leisink
17 September 2013, 09:12
Not by Hiawatha. You can of course make the web application show different output for HTTP and HTTPS connections. But I strongly advise against it, because I think it will be confusing for the visitors. The example you showed will indeed work. But why do you want to have a different website for HTTP and HTTPS connections, if I may ask?

A binding is nothing more than an open port on an interface. It's where the web browser connects to. Once connected, the HTTP Host header defines what virtual host will be used. You can use the RequiredBinding option to limit the available virtual hosts per binding, but only use it when there is no alternative (like placing an intranet website on an internal web server).
falconix
18 September 2013, 05:16
Ah, thanks.
Now I'm really confused, lol. Actually I want to make a website which allows the user to choose an HTTP or HTTPS connection (for example, like google.com),
but if I'm not mistaken, if I redirect the HTTP website to HTTPS it will always use HTTPS (I use Apache at the backend), or maybe I'm confused about the concept?

Ah, thanks for the explanation. I've seen someone show a config with BindingID in this forum, so I wondered about it.

So for now the only option I have is to point the reverse proxy to HTTPS instead of HTTP (going to test if it will work) and make sure the virtual host in the backend (Apache) always points to HTTPS? Something like that?
Hugo Leisink
18 September 2013, 08:53
I'm also confused.

"I want to make a website which allows the user to choose an HTTP or HTTPS connection"

Then there's nothing special you have to do. Specify a normal binding and an SSL binding and create one virtual host for your website. Users can choose to use HTTP or HTTPS by using http:// or https:// in front of the URL.
falconix
18 September 2013, 08:56
I think I've got the solution for this:
VirtualHost {
Hostname = ssl.example.org, www.ssl.example.org
WebsiteRoot = /data/www/example
StartFile = index.php, index.html
ReverseProxy ^/.* https://192.168.0.100:7443/
SSLcertFile = /home/user/etc/ssl/example.org.pem
}

With this setting, even when the user is not using HTTPS the website displays fine; at least it works for me (maybe the problem is that I've been confused by public_html and private_html).

Thanks, and with Hiawatha as frontend, no more garbage.

Just a little question: is it possible to cache an SSL reverse proxy, or does it work the same as a normal reverse proxy?

Thanks.
falconix
18 September 2013, 09:04

I mean, for the config above: example.org, www.example.org.

If I want to support HTTPS, I just add ReverseProxy and SSLcertFile, and if I really need to force the user, I just need to use RequireSSL = yes.

The confusing part is when there's no clear documentation (every forum or book that I read always refers to port 80 for HTTP and 443 for HTTPS); that's why I think I need a separate home/directory.

Sorry for my poor English.
Hugo Leisink
18 September 2013, 09:08
In Hiawatha, bindings and virtual hosts are not connected. If you specify an HTTP and an HTTPS binding and one virtual host, a user can visit that website via both http:// and https:// URLs.

What's the idea behind the reverse proxy?

About the StartFile option? It can take only one parameter? Using "index.php, index.html" will make Hiawatha look for the file named "index.php, index.html" which will not exist.

Also, with the ^/.* pattern for the ReverseProxy, everything will be forwarded to the reverse proxy. The StartFile option becomes obsolete with this, because no local file will ever be used.
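
The setup described in this thread (one HTTP binding, one HTTPS binding and a single virtual host forwarding to one backend), as an added example that is not part of the original posts. Ports 80 and 443 are assumptions; the hostnames, paths and backend address are the ones posted above, and the directive names follow Hiawatha 9.x.

```conf
# Added example, not from the thread. Ports 80/443 are assumed.

# Plain HTTP listener.
Binding {
    Port = 80
}

# HTTPS listener. The certificate makes this an SSL binding.
Binding {
    Port = 443
    SSLcertFile = /home/user/etc/ssl/example.org.pem
}

# One virtual host serves both bindings. The Host header selects it,
# not the port the visitor connected to.
VirtualHost {
    Hostname = example.org, www.example.org
    WebsiteRoot = /data/www/example

    # StartFile is left out: ^/.* forwards every request, so no local
    # file is ever served.

    # A single rule for ^/.*. In the first post two rules shared this
    # pattern and requests ended up at the :7080 backend.
    ReverseProxy ^/.* http://192.168.0.100:7080/

    # Uncomment to force visitors onto HTTPS instead of letting them
    # choose between http:// and https://.
    # RequireSSL = yes
}
```

With RequireSSL left off, visitors reach the same site over either scheme; the hop from Hiawatha to the backend at 192.168.0.100 is plain HTTP in this layout, so it is only appropriate on a trusted internal network.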
falconix
20 September 2013, 09:33
Ah, thanks for the explanation. I've been using Apache with separate folders; that made me think it's the same.

Ah, basically I want a reverse proxy as a frontend server which is light, easy to configure and focused on security (I really like the security features in Hiawatha).

Ah, thanks about StartFile; it was my mistake to think the configuration is the same as Apache.

But compared to Apache, Hiawatha is simpler and more straightforward.

Another question:

Is it possible to compile Hiawatha using Microsoft Visual C++? If yes, is there any binary released? (I tried the Cygwin one, but I can't use it in a directory other than "Program Files".)
Hugo Leisink
20 September 2013, 22:08
Since Hiawatha has been written for Unix, I don't think it will compile with MS Visual C++. It has been built around POSIX libraries, not Windows libraries.
This topic has been closed.