Aaron Adams (.Mac)

Q: Hosting HTTP and HTTPS from the same domain

Maybe I'm missing something, but I can't find a way to host both HTTP and HTTPS from the same domain in Server.app. Formerly in Snow Leopard, I could add a second web site with the same domain name but a different port (443) with a cert associated with it, and http://domain.com and https://domain.com would work from the same server. This apparently can't be done with Server.app. I can add a second site with a different port, but the web service doesn't serve up the site with two different protocols as Snow Leopard did.

 

Is there any way to do this?

Posted on Feb 14, 2012 2:23 PM

Close

Q: Hosting HTTP and HTTPS from the same domain

  • All replies
  • Helpful answers

  • by Aaron Adams (.Mac),

    Aaron Adams (.Mac) Aaron Adams (.Mac) Feb 21, 2012 2:52 PM in response to Aaron Adams (.Mac)
    Level 1 (55 points)
    Wireless
    Feb 21, 2012 2:52 PM in response to Aaron Adams (.Mac)

    Seriously? I'm the only person in the universe who needs to do this?

  • by marksv,

    marksv marksv Feb 26, 2012 1:04 PM in response to Aaron Adams (.Mac)
    Level 1 (105 points)
    Feb 26, 2012 1:04 PM in response to Aaron Adams (.Mac)

    No luck?  You are not alone.  I've got a situation where the cusomter has a live website that needs to be regular http.  But they also want to have the Profile Manager running for a bunch of iPads.  While I can turn off the SSL so hitting the default website runs over http Profile Manager does not work since SSL is missing.  I've found some references to using redirects in the Server App but have not had any luck in getting that to work.

  • by Aaron Adams (.Mac),

    Aaron Adams (.Mac) Aaron Adams (.Mac) Feb 27, 2012 10:03 PM in response to marksv
    Level 1 (55 points)
    Wireless
    Feb 27, 2012 10:03 PM in response to marksv

    That's not really the problem I'm attempting to describe here. You can have Profile Manager running and host an ordinary site at the same time. I'm doing it now. Profile Manager runs from the default website created by Server.app with the server's FQDN, server.domain.com. You assign it an SSL cert from Server.app Hardware -> Settings. In order for that to be accessible from outside your LAN, you may need to create an entry in your public DNS for server.domain.com.

     

    I'm talking about hosting both http://www.domain.com and https://www.domain.com, because certain pages need to be encrypted. Apparently it can't be done.

  • by Erich Wetzel,

    Erich Wetzel Erich Wetzel Feb 28, 2012 6:55 AM in response to Aaron Adams (.Mac)
    Level 2 (345 points)
    Servers Enterprise
    Feb 28, 2012 6:55 AM in response to Aaron Adams (.Mac)

    Aaron,

    You are not alone and it appears that it cannot be done if you want to use the GUI.  As soon as the second instance of the site is added, neither serve pages, or sometimes all pages are forced to https in my attempts.  I remember seeing a suggestion for a solution that required manually making changes to the Apache site files but I cannot remember what the answer was.  The frustrating part about this problem is that this was easy in 10.6.  That is why our web server is still 10.6.

     

    Eventually I am going to try to cut and paste our Apache site pages from the working 10.6 version and see if they work out.  I'll post if I get to it, but I am in no rush because our site works not and I am content to let it run as is.  Maybe they will fix this in this summer's release.  Put in a bug report / feature request if you can.  That is how they will know what we need.

     

    -Erich

  • by Mosier4014,

    Mosier4014 Mosier4014 Oct 5, 2013 3:53 PM in response to Aaron Adams (.Mac)
    Level 1 (0 points)
    Oct 5, 2013 3:53 PM in response to Aaron Adams (.Mac)

    This is the best way I know of.

     

    You will use a text editor (or nano if you enjoy the command line) to modify the conf file generated by the Server.app. I like using the free Text Wrangler from BareBones. BBedit is awesome if you want to pay for it.

     

    1) First create your domain in the Server.app for use with your cert on port 443. Locate the config file. Mine is stored in /private/etc/apache2/sites/0000_any_443_yourdomainname.conf. If you specify a speficic IP address, the IP address will be there instead of the word "any" (0000_xxx.xxx.xxx.xxx_443_yourdomainname.conf).

     

    2) Once you have the file open, add another VirtualHost wrapper which specifies port 80. Save the file and you're good to go. See example below.

     

    TIP: You may want to copy the default port 80 confing file found in that same folder in order to easily create the port 80 VirtualHost for the 2nd step

    TIP: MAKE A COPY OF THE FINAL FILE SOMEWHERE! The Server.app will sometimes overwrite it when new domains are added or other changes are made


     

    <VirtualHost 192.168.1.52:443>

              ServerName yourdomainname.com

             

              DocumentRoot "/Library/Server/Web/Data/Sites/yourdomainname.com"

              DirectoryIndex index.php index.html /wiki/ default.html

              CustomLog /var/log/apache2/access_log combinedvhost

              ErrorLog /var/log/apache2/error_log

     

              <IfModule mod_ssl.c>

                        SSLEngine On

                        SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

                        SSLProtocol -ALL +SSLv3 +TLSv1

                        SSLProxyEngine On

                        SSLCertificateFile "/etc/certificates/yourdomainname.com.E020BFD43F6E8E4786C035CCACE65D8E88B35496. cert.pem"

                        SSLCertificateKeyFile "/etc/certificates/yourdomainname.com.E020BFD43F6E8E4786C035CCACE65D8E88B35496. key.pem"

                        SSLCertificateChainFile "/etc/certificates/yourdomainname.com.E020BFD43F6E8E4786C035CCACE65D8E88B35496. chain.pem"

                        SSLProxyProtocol -ALL +SSLv3 +TLSv1

              </IfModule>

     

              <Directory "/Library/Server/Web/Data/Sites/yourdomainname.com">

                        Options All +MultiViews -ExecCGI -Indexes

                        AllowOverride None

                        <IfModule mod_dav.c>

                                  DAV Off

                        </IfModule>

              </Directory>

              ServerAlias www.yourdomainname.com yourdomainname.biz www.yourdomainname.biz

              Alias /phpMyAdmin /Library/Server/Web/Data/Sites/Default/p_admin/phpMyAdmin-3.5.2.2-english

    </VirtualHost>

     

     

    <VirtualHost 192.168.1.52:80>

              ServerName yourdomainname.com

             

              DocumentRoot "/Library/Server/Web/Data/Sites/yourdomainname.com"

              DirectoryIndex index.php index.html /wiki/ default.html

              CustomLog /var/log/apache2/access_log combinedvhost

              ErrorLog /var/log/apache2/error_log

     

              <IfModule mod_ssl.c>

                        SSLEngine Off

                        SSLCipherSuite "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM"

                        SSLProtocol -ALL +SSLv3 +TLSv1

                        SSLProxyEngine On

                        SSLProxyProtocol -ALL +SSLv3 +TLSv1

              </IfModule>

     

              <Directory "/Library/Server/Web/Data/Sites/yourdomainname.com">

                        Options All +MultiViews -ExecCGI -Indexes

                        AllowOverride None

                        <IfModule mod_dav.c>

                                  DAV Off

                        </IfModule>

              </Directory>

              ServerAlias www.yourdomainname.com yourdomainname.biz www.yourdomainname.biz

    </VirtualHost>

     

    <Email Edited by Host>