--------------------------------
Title
--------------------------------
Ninja Domains Part 2: Including SSL in a Multi-Domain Setup using the Symphony XSLT Content Management System
--------------------------------
Description
--------------------------------
This is the second part of a tutorial by my first contributing author, [Michael Eichelsdörfer](http://www.michael-eichelsdoerfer.de/).
In [Part 1 of this tutorial](http://designprojectx.com/tutorials/ninja-domains-a-multi-domain-setup-using-the-symphony-xslt-content-management-system/) we built an an advanced multi-domain setup to power several websites by a single Symphony installation, using a single backend. This approach works fine for SSl/non-SSL domains as well.
Imagine the following situation: You have a website running on Port 80 (non-SSL). Because your “about” page includes a contact form sending sensitive data, you would like to serve this page encrypted by SSL (Port 443).
This tutorial is not about SSL installation. We assume that SSL is working and you are running a **(sub)domain with SSL** (port 443), while your main www domain is non-SSL (i.e. listening on port 80). Running SSL on the main domain is not covered in this tutorial, since this is a rather simple case. It will only require a subset of the techniques described below.
Prerequisites:
* Symphony XSLT Content Management System
* Apache webserver meeting Symphony’s requirements
* main domain running without SSL (port 80)
* second (sub)domain running with SSL (port 443)
**You will need SSH access to the webspace/webserver.**
--------------------------------
Body
--------------------------------
Basic Setup
-----------
The www and SSL domains should point to different directories on the server, like so:
http://www.domain.com => /var/www/www.domain.com
https://ssl.domain.com => /var/www/ssl.domain.com
Install a Symphony ensemble in `/var/www/domain.com`. You will find the following files and folders:
.htaccess
extensions
index.php
manifest
symphony
workspace
In order to get the SSL domain working with Symphony you will have to create some symbolic links from `/var/www/www.domain.com` to `/var/www/ssl.domain.com`. Connect to your server via SSH using an SSH client application (e.g. the Mac OS X Terminal) and create the following links:
ln -s /var/www/www.domain.com/extensions /var/www/ssl.domain.com/extensions;
ln -s /var/www/www.domain.com/index.php /var/www/ssl.domain.com/index.php;
ln -s /var/www/www.domain.com/manifest /var/www/ssl.domain.com/manifest;
ln -s /var/www/www.domain.com/symphony /var/www/ssl.domain.com/symphony;
ln -s /var/www/www.domain.com/workspace /var/www/ssl.domain.com/workspace;
Now create a physical `.htaccess` file in the SSL root and paste the Symphony part of you main (www) `.htaccess` file into it.
You should then be able to access your website via `http://www.domain.com` or `https://ssl.domain.com`. You should as well be able to login from either `http://www.domain.com/symphony` or `https://ssl.domain.com/symphony`.
Enforcing SLL/non-SLL access to pages
-------------------------------------
In order to manage SSL/non-SSL access to special pages, you might put some rewrite rules in your `.htaccess` files. Indeed you are strongly advised to do so in order to prevent users from accessing encrypted pages without encryption (and vice versa). And, hey, why not switch your Symphony backend to SSL as well? So we will take care of:
* the ‘About’ page
* the Symphony backend
Here comes the `mod_rewrite` magic. Add the following rules at the beginning of your `.htaccess` files:
### www domain
RewriteEngine on
RewriteBase /
### global rewrite
RewriteCond %{HTTP_HOST} !^www.domain.com$ [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]
### rewrite to SSL domain
RewriteRule ^symphony(.*)$ https://ssl.domain.com/symphony$1 [R=301,L]
RewriteRule ^about(.*)$ https://ssl.domain.com/about$1 [R=301,L]
### SSL domain
The rules in your SSL `.htaccess` file are the tricky part. **You must exclude SSL items** from being rewritten to the www domain.
RewriteEngine on
RewriteBase /
### force SSL main rewrite is in Debian's host file
### force non-SSL - SSL items other than directories or files must be excluded here!
RewriteCond %{REQUEST_URI} !symphony(.*)$ [NC]
RewriteCond %{REQUEST_URI} !image(.*)$ [NC]
RewriteCond %{REQUEST_URI} !about(.*)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ http://www.domain.com/$1 [R,L]
RewriteRule ^$ http://www.domain.com/ [R,L]
Please note that you will also have to exclude any URLs starting with the word “image” - otherwise you will not be able to use Symphony’s JIT entension to serve images from the SSL domain!
You should also note the comment about the _force SSL main rewrite_. Due to the encrypted nature of SSL connections and the inner workings of Apache there is probably no way to successfully enforce SSL connections in your `.htaccess` file. Instead you will need a rewrite instruction in your SSL sites’s configuration file:
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/ssl.domain.com
ServerName ssl.domain.com
... (more configuration stuff)
### force SSL
RewriteEngine On
RewriteCond %{SERVER_PORT} !443
RewriteRule ^/(.*)$ https://ssl.domain.com/$1 [R=301,L]
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/ssl.domain.com
ServerName ssl.domain.com
... (more configuration stuff)
### domain rewrite
RewriteEngine On
RewriteCond %{HTTP_HOST} !^ssl.domain.com$ [NC]
RewriteRule ^/(.*)$ https://ssl.domain.com/$1 [R=301,L]
Building navigation links
-------------------------
Once you are done with that, you might notice that your navigation links are always pointing to the root domain of the current page, thus provoking lots of redirects. Additionally, they do not look cool, especially if you are on the SSL domain. (In this case every navigation item will point to the SSL subdomain.)
Open up your `master.xsl` file and insert the following **global variable definitions** (before the first `` instruction):
Now open the Symphony backend and navigate to `Blueprints > Pages`. Choose the page “About” and define a page type of “SSL”. Since the navigation datasource will output any page types to XML, you may use them in your XSL.
Open your navigation template in your text editor. If you are working through this tutorial using a default installation of Symphony, it will be named `navigation.xsl`. You will find this template:
active
Replace it by this:
active
Now all the navigation links for SSL type pages should point to the SSL domain, while all the others should still point to your main domain. (These domains have been defined using the global variables in your `master.xsl`.)
There you are. You have mastered a Symphony SSL installation.
--------------------------------
Date
--------------------------------
16 Sep 2009 2:01pm
--------------------------------
Section
--------------------------------
Tutorials
--------------------------------
Category
--------------------------------
Technology
--------------------------------
Tags
--------------------------------
symphony cms, xslt