You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cocoon.apache.org by Tino Breddin <s9...@inf.tu-dresden.de> on 2006/01/30 18:20:56 UTC
Using SSL for parts of a cocoon web-application?
Hi,
well, now the web application we are working on is running as we expect it
to, but now we need to set up a ssl connection, so that the part after a
regular login is secured with ssl. The problem is, that we have no idea
how to arrange that with cocoon. We have the certificate, and used ssl
connection with "regular" html sites.
Has anyone a helping hint?
Thanks,
Tino
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Using SSL for parts of a cocoon web-application?
Posted by Bertrand Delacretaz <bd...@apache.org>.
Le 31 janv. 06, à 15:08, Thomas Soddemann a écrit :
> ...Note, that in that case one would have to ensure that the hostname
> for
> https is not an alias.
> Otherwise, the reverse lookup of the ip address for the alias would
> reveal another hostname than the one in the certificate...
You're right - but the non-SSL host can be anything.
-Bertrand
Re: Using SSL for parts of a cocoon web-application?
Posted by Thomas Soddemann <Th...@rzg.mpg.de>.
Bertrand Delacretaz wrote:
>
> http and https use different port numbers, so you will need two
> virtual hosts if you want to serve parts of your site without SSL.
>
> IMHO a clean way of doing this is to use different hostnames, like
> https://apps.mydomain.com and http://files.mydomain.com - this helps
> avoid any confusion about what's secure and what's not.
>
> -Bertrand
Note, that in that case one would have to ensure that the hostname for
https is not an alias.
Otherwise, the reverse lookup of the ip address for the alias would
reveal another hostname than the one in the certificate.
Cheers,
Thomas
--
--------------------------------------------------
Dr. Thomas Soddemann | Boltzmannstrasse 2
Projects Engineer | 85748 Garching
Rechenzentrum der MPG | Germany
am MPI fuer Plasmaphysik |
---------------------------------------------------
phone: +49 89 3299 2694 | fax: +49 89 3299 1301
---------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Using SSL for parts of a cocoon web-application?
Posted by Bertrand Delacretaz <bd...@apache.org>.
Le 30 janv. 06, à 22:32, Tino Breddin a écrit :
> ...Your workaround seem to be useful for our application..
I don't consider it a workaround - I would *never* put anything else
than httpd as the front-end of a production site.
> ... The only thing i do not know right now, is how to tell apache that
> only the connections with a special prefix should be secured...
http and https use different port numbers, so you will need two virtual
hosts if you want to serve parts of your site without SSL.
IMHO a clean way of doing this is to use different hostnames, like
https://apps.mydomain.com and http://files.mydomain.com - this helps
avoid any confusion about what's secure and what's not.
-Bertrand
Re: Using SSL for parts of a cocoon web-application?
Posted by Tino Breddin <s9...@inf.tu-dresden.de>.
Hi Bertrand,
thank you for these links. Your workaround seem to be useful for our
application. The only thing i do not know right now, is how to tell
apache that only the connections with a special prefix should be
secured. But i think i will get to know how to achieve that, when i try
your solution.
Thanks,
Tino
Bertrand Delacretaz schrieb:
> Le 30 janv. 06, à 18:20, Tino Breddin a écrit :
>
>> ...Has anyone a helping hint?..
>
> setup an apache web server as the front-end, in reverse proxy mode,
> and handle SSL there.
>
> See http://wiki.apache.org/cocoon/ApacheModProxySsl and
> http://wiki.apache.org/cocoon/ApacheModProxy
>
> -Bertrand
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org
Re: Using SSL for parts of a cocoon web-application?
Posted by Bertrand Delacretaz <bd...@apache.org>.
Le 30 janv. 06, à 18:20, Tino Breddin a écrit :
> ...Has anyone a helping hint?..
setup an apache web server as the front-end, in reverse proxy mode, and
handle SSL there.
See http://wiki.apache.org/cocoon/ApacheModProxySsl and
http://wiki.apache.org/cocoon/ApacheModProxy
-Bertrand