[Zope] SSL over Multiple Zope/Plone sites?
michael nt milne
michael.milne at gmail.com
Tue Jan 24 13:26:27 EST 2006
Ok, that's really interesting. Thanks. Yes I could just stay using SSL after
the login if there's a problem with going non-ssl.
I understand the setting up the single secure domain bit linked to the IP
address but don't quite get how I would link each site's login areas to
that? Basically are you saying you would, using re-write rules, just call
http://www.plonesiteone.com/login_form -
http://mysecure_domain.com/plonesiteone/login_form ?
It would be the same Plone login page but just have a different URL in the
address bar, a https one?
Also would you need to use VHM because I've got Apache virtual hosts set-up
without actually doing anything in Zope. As long as VHM is on it is all
fine.
Thanks
Michael
On 1/24/06, David Pratt <fairwinds at eastlink.ca> wrote:
>
> I think this should be doable for single cert with multiple domains.
> Setup your existing ip with one domain (ie. mysecure_domain.com). Get the
> cert on this domain.
>
> Setup a rewrite rule in apache for port 443 for mysecure_domain.com
>
> You could use a self signed cert to experiment. When user logs in
> request login page goes to
>
> site1 - http://domain_one.com:
> You would need to make your login go to your login page
> https://mysecure_domain/site1/login
>
> site2 - http://domain_two.com:
> https://mysecure_domain/site2/login
>
> Once logged in goes to whatever you have in your vhm
> http://www.domain_one.com /site1 in vhm
> http://www.domain_two.com /site2 in vhm
>
> in vhm you'd have:
> www.domain_one.com /site1
> www.mysecure_domain/site1 /site1
> www.domain_two.com /site2
> www.mysecure_domain/site2 /site2
>
> The problem here will be the session since when you login secure and
> switch back to the regular site, your ssl session will expire
> automatically but you'll need to pass it to nonssl to stay alive when
> you go back to nonssl. I think a solution might be to store it, go to
> nonssl and then retrieve it when you do your redirect back to non-ssl. I
> have not tried this yet. Alternatively you could always stay in ssl from
> that point forward. Any technique from someone on this would be helpful
> since I am also interested in what possibilities there might be.
>
> This should not give you a problem with the cert because identity on
> cert would match the ip. I think otherwise you are in a situation where
> you will need a dedicated server setup to have one ip per site and then
> you can just do a single rewrite per ip or use chained ssl if you have
> sub domains that you want to tie together under a single cert over one
> or more ips on one or more servers.
>
> Regards,
> David
>
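As an added example (not part of either message, and not code from the Zope or Plone projects), this is one way the layout described in the quoted reply could be written as Apache virtual hosts that proxy to Zope using VirtualHostMonster's URL syntax. It assumes Zope listens on 127.0.0.1:8080 with a VirtualHostMonster object in its root, Plone sites with the ids site1 and site2, placeholder certificate paths, and mod_ssl, mod_rewrite, mod_proxy and mod_proxy_http loaded.

```apache
# Added example. Hostnames follow the thread; the Zope address, the
# certificate paths and the Plone ids site1/site2 are assumptions.

# Plain-HTTP site: serve the Plone site, but send its login form to the
# shared HTTPS host so credentials are never posted in clear text.
<VirtualHost *:80>
    ServerName www.domain_one.com
    RewriteEngine On
    # Redirect login_form at any depth; the query string (came_from) is kept.
    RewriteRule ^/(.*/)?login_form$ https://mysecure_domain.com/site1/$1login_form [R=302,L]
    # Everything else is proxied to the Plone site stored at /site1 in Zope.
    RewriteRule ^/(.*)$ http://127.0.0.1:8080/VirtualHostBase/http/www.domain_one.com:80/site1/VirtualHostRoot/$1 [P,L]
</VirtualHost>
# Repeat the block above for www.domain_two.com with site2.

# Shared HTTPS host: one certificate on one IP, each Plone site under its own path.
<VirtualHost *:443>
    ServerName mysecure_domain.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/mysecure_domain.crt
    SSLCertificateKeyFile /etc/ssl/private/mysecure_domain.key
    RewriteEngine On
    # _vh_site1 makes VirtualHostMonster keep the /site1 prefix in the URLs
    # Plone generates, so links stay under https://mysecure_domain.com/site1/.
    RewriteRule ^/site1(/.*)?$ http://127.0.0.1:8080/VirtualHostBase/https/mysecure_domain.com:443/site1/VirtualHostRoot/_vh_site1$1 [P,L]
    RewriteRule ^/site2(/.*)?$ http://127.0.0.1:8080/VirtualHostBase/https/mysecure_domain.com:443/site2/VirtualHostRoot/_vh_site2$1 [P,L]
</VirtualHost>
```

With the mapping carried in the rewrite target, no entries are needed on the VirtualHostMonster mappings tab. A login cookie set by mysecure_domain.com is scoped to that host and is not sent by the browser to www.domain_one.com, so in this layout the authenticated session exists only under the HTTPS host.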