Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
#1 2012-03-10 22:19:09
- jhorchle
- New Member
- Registered: 2012-02-17
- Posts: 5
How Do I setup the admin area behind a shared SSL certificate
Hi,
I would like to setup the backend on a different domain from my main sites. It should be protected by a shared SSL certificate.
I would like to use TXP as:
https://shared-ssl-proxy.com/administration-domain.com —— Textpattern backend protected by SSL proxy
http://domain-one.com
http://domain-two.com
http://domain-three.com
….
As you can see I would like to use the shared SSL certificate (SSL proxy) to manage the content which is displayed on the other public domains.
If I try to install Textpattern the installer is not able to use the SSL proxy in the first step.
How can I install TXP to get the desired result?
Regards
Jörg
Offline
Re: How Do I setup the admin area behind a shared SSL certificate
Hello
Have you looked at the instructions for setting up multiple sites on one Textpattern install?
Simon
Offline
#3 2012-03-13 20:09:27
- jhorchle
- New Member
- Registered: 2012-02-17
- Posts: 5
Re: How Do I setup the admin area behind a shared SSL certificate
Hi Simon,
yes. I followed the instructions. But when I call
https://shared-ssl-proxy.com/mysite.com/setup
I get the first site of the setup – which is lacking stylesheet information (because the css-file is not found) and when I try to continue the setup fails immediatly.
Jörg
Offline
Re: How Do I setup the admin area behind a shared SSL certificate
Hi Jörg
Did you unzip the installer on your server (rather than upload unzipped)?
Unzipping on the server preserves the symbolic links which are needed to make multiple site installation work.
If not .. try that.
Simon
Offline
#5 2012-03-15 10:00:39
- jhorchle
- New Member
- Registered: 2012-02-17
- Posts: 5
Re: How Do I setup the admin area behind a shared SSL certificate
Hi Simon,
yes – I did the installation by following the mentioned instructions. I do have access to my webserver via ssh. So I was able to download and unzip the distribution on the server itself.
Is it possible to do the installation with debug or verbose logging so that I can retry it to get a clue what is going wrong? I read that TXP is able to detect a forward proxy.
Jörg
Offline
Re: How Do I setup the admin area behind a shared SSL certificate
Hi Jörg
This is more web server configuration than Textpattern configuration — your web server logs should give you a clue to what’s going on.
FYI I’ve set up several Textpattern sites using a different domain (or, more often, sub-domain) for the admin/backend – which is also protected using a (self-generated) SSL cert. I’m not using proxies though.
If it’s any help I could send you a file tree (of Textpattern file locations) and the server config files (I’m using Lighttpd)?
Simon
Offline
#7 2012-03-15 11:24:09
- jhorchle
- New Member
- Registered: 2012-02-17
- Posts: 5
Re: How Do I setup the admin area behind a shared SSL certificate
Hi Simon,
not sure whether it helps. Setting up the backend as subdomain should be no problem. I’m not sure whether I can control the web server logs (my hoster is using Apache) – but I’ll check that.
The question is: Ist TXP able to use HTTP_X_FORWARDED_FOR in the backend? Perhaps I must setup the TXP without using the SSL proxy to change some settings afterward.
In addition I’m not sure whether I could use a self-generated SSL certificate. I didn’t thought about that. My hoster can enable a SSL proxy for my domain so I just choosed that. But – as I have ssh-access – I can try to use a self generated one.
Jörg
Offline
#8 2012-03-21 11:52:17
- jhorchle
- New Member
- Registered: 2012-02-17
- Posts: 5
Re: How Do I setup the admin area behind a shared SSL certificate
Hi,
I’m not able to modify the settings of the webserver. I can only use ‘.htaccess’-Files. But as I read you can only change web server logs within main or virtual host settings. Same applies on SSL-Settings.
So I can not see how one can setup TXP behind a SSL-Proxy.
Jörg
Offline
Re: How Do I setup the admin area behind a shared SSL certificate
jhorchle wrote:
As you can see I would like to use the shared SSL certificate (SSL proxy) to manage the content which is displayed on the other public domains.
SSL proxy? A proxy where a middle man that converts HTTPS connections to HTTP? You do realize that you are converting your secure connection to non-secured, effectively rendering the HTTPs connection close to useless. Normally you would want to keep gifts in a taped packets all to way to your front door.
If I try to install Textpattern the installer is not able to use the SSL proxy in the first step.
Textpattern doesn’t care about proxies. You can use proxies to your hearts content.
Ist TXP able to use HTTP_X_FORWARDED_FOR in the backend?
X_FORWARDED_FOR isn’t really needed much for anything by Textpattern. Textpattern doesn’t care from what IP you are coming from. But yes, when Textpattern internally detects IP addresses, it does use/check X_FORWARDED_FOR header.
Offline