Placement on Server + Config

[newosguy]

I have a working OSC store at: xxxx.com/catalog/

 

the ftp path is: /xx/catalog/

 

Now, I am having my hosting company install a "Dedicated SSL Certificate" -but I don't want my whole site secure, only the "Store".

 

So I created a sub-domain "store.xxxx.com"

 

I created a ftp folder at: /xx/store

 

If my hosting company now installs the SSL Certificate at /xx/store, Will the store be secure and the rest of my site not secure?

 

 

 

I assume I'll also need to completely uninstall OSC from /xx/catalog/ and reinstall to /xx/store/catalog/ Right?

 

If that's true, does moving "catalog" mean I have to start everything all over or can I somehow use a server side backup to "restore" - "catalog" to the new location?

 

 

In other words, can I get:

 

 

mysql -hdb924.xxxxx.net -udboxxxxxx557 -p db2xxxxxx557 < /homepages/34/dxxxx992/htdocs/xx/ xx/catalog/

 

to:

 

mysql -hdb924.xxxxx.net -udboxxxxxx557 -p db2xxxxxx557 < /homepages/34/dxxxx992/htdocs/xx/ xx/store/catalog/

 

Using:

 

mysql -hdb924.xxxxx.net -udboxxxxxx557 -p db2xxxxxx557 < /homepages/34/dxxxx992/htdocs/xx/ xx/catalog/admin/backups/db_db20573 1557-20080710022110.sql

 

 

or??

 

any tips on how to make the switch and if what I have outlined will work ?

[jamartin]

This seems quite complicated.

 

But in general terms, if you don't allow the https prefix in your not-store pages, then they will be no secured by SSL. I think that you can control everything you need with the .htaccess and mod_rewrite (if your store is running on a Apache server of course).

 

In .htaccess you can check if the requested host is or not secure, and then redirect to the non-secure version if the requested uri is a page that you don't want to secure. Ask to someone expert in mod_rewrite. If you search on major search engines, you could fin useful information and even dedicated forums where you can ask for assistance.

 

The other question, how to move the catalog folder, you really don't need to move it "physically". Again, using mod_rewrite in your .htaccess file you can make that a request to your-store.com/bla-bla/ shows your store even if you have not a bla-bla folder in your site. mod_rewrite allows to run your store in your current /catalog/ folder, and make the visitors se anything.your-store.com/anything in the URL. This means you can make your visitors type store.xxxx.com without having to move your files, neither the catalog section nor the admin section, or whatever. But again, I recommend you to ask to someone expert in this field, or look on Internet for further information (there is a lot written about this theme).

 

Regards,

[newosguy]

This seems quite complicated.

 

But in general terms, if you don't allow the https prefix in your not-store pages, then they will be no secured by SSL. I think that you can control everything you need with the .htaccess and mod_rewrite (if your store is running on a Apache server of course).

 

In .htaccess you can check if the requested host is or not secure, and then redirect to the non-secure version if the requested uri is a page that you don't want to secure. Ask to someone expert in mod_rewrite. If you search on major search engines, you could fin useful information and even dedicated forums where you can ask for assistance.

 

The other question, how to move the catalog folder, you really don't need to move it "physically". Again, using mod_rewrite in your .htaccess file you can make that a request to your-store.com/bla-bla/ shows your store even if you have not a bla-bla folder in your site. mod_rewrite allows to run your store in your current /catalog/ folder, and make the visitors se anything.your-store.com/anything in the URL. This means you can make your visitors type store.xxxx.com without having to move your files, neither the catalog section nor the admin section, or whatever. But again, I recommend you to ask to someone expert in this field, or look on Internet for further information (there is a lot written about this theme).

 

Regards,

 

 

 

thanks for that

 

 

if what you say is true I can just SSL protect the whole site, leaving everything where it is, and all my pages that I want none secure I have to figure out how to log into and use .htaccess to mod_rewrite - EVERY page in my site individually that I want non secure- by forbidding https per file. can you forbid https per directory?

 

anyone have an opinion as to if its more work to move the SSL cert to a sub domain or mod_rewrite the pages?

[newosguy]

OK, after a cup of coffee I think I get what I need to do.

 

 

Assign the SSL Cert to the the existing OS COMM "catalog" folder at /xx/catalog/

 

 

Create an .htaccess file that has this code:

 

 

RewriteEngine on

RewriteCond %{SERVER_PORT} ^80$

RewriteRule ^(.*)$ https://store.xxxx.com /$1 [R]

 

 

Place it on the top level: /xx/

(not in the catalog folder)

 

 

 

Now, whether a visitor goes to:

 

xxxx.com

 

or

 

store.xxxx.com

 

my main site will not be protected - but any Link I place in my main sites pages that goes to xx/catalog will be protected

 

 

 

Is this right?

 

 

 

Im still a bit confused because right now store.xxxx.com goes to the home page of my OSC store----

but if I then click any link in my OSC store, the url reads:

 

http://www.xxxx.com/catalog/login.php

 

instead of

 

http://www.store.xxxx.com/catalog/login.php

[newosguy]

OK forget the earlier posts, this is where I stand now:

 

 

GOAL: My main site will not be SSL protected - but my store will be SSL protected: On http://xxxx.com/index.html -I can place a link to- https://www.store.xxxx.com

 

I have a working OSC store at: xxxx.com/catalog/

 

the ftp path is: /xx/catalog/

 

As part of the OSC configuration- an .htaccess file resides inside the catalog folder.

 

 

I then had my host (1and1) install an SSL certificate.

 

But I don't want my whole site secure, only the "Store".

 

So I created a sub-domain "store.xxxx.com"

 

I created a ftp folder for store.xxxx.com at: /xx/catalog/

 

I had 1and1 assign the SSL Cert to the existing OS COMM "catalog" folder at /xx/catalog/

 

I created an .htaccess file that has this code:

 

RewriteEngine on

RewriteCond %{SERVER_PORT} ^80$

RewriteRule ^(.*)$ https://store.xxxx.com /$1 [R]

 

Results:

 

If I place the .htaccess file on the top level: /xx/ (not in the catalog folder) I get: 500 Internal Server Error trying to access http://xxxx.com/index.html. As well trying to access , https://www.store.xxxx.com yields: Data Transfer Interrupted.

 

If I place the .htaccess file in /xx/catalog/ it would of overwrite the OSC .htaccess file.

 

I was told I had to include:

 

RewriteEngine on

RewriteCond %{SERVER_PORT} ^80$

RewriteRule ^(.*)$ https://store.xxxx.com /$1 [R]

 

in the OSC .htaccess file- but I added it > uploaded it to /xx/catalog/ and could not access My Site or My Store.

 

Bottom line is, I’m not sure my setup is correct and don’t know if I can Mod_Rewrite my way out of this mess or if I need to start over with OSC or move some thing around or all of the above….any tips welcome

[jamartin]

Ok. I am not expert in this field, but in general terms:

 

Are you sure you NEED to secure all of your pages of catalog/ ??

 

I mean, maybe catalog/index.php and catalog/index.php?cPath=any doesn't really needs to be secured. But maybe the login, checkout_*, and so on. The tep_href_link() helps you control this. In a new osCommerce installation, there are link to the secure version of the page if that is needed. Everytime you see tep_href_link(FILENAME_SOME_FILE) or tep_href_link(FILENAME_SOME_FILE, 'NONSSL'), the link generated is not secured (http:// instead of https://). When you see tep_href_link(FILENAME_SOME_FILE, 'SSL'), then osC will generate a secure link (if this is enabled on the admin section, of course).

So, if you just want to secure the pages that osC thinks that need to be secured, then DO NOT ADD the mod_rewrite instructions you posted above.

 

By Adding those instructions, you are asking Apache to secure all the pages of your store. However, I don't know if osCommence allows this by default.

 

On the other hand, note that you can also make exactly the opposite to achieve your goal. I mean, you can install the SSL to cover all your domain, but when a page that you don´t want to be secured has been requested as secure, then redirect it to the non-secure version. If you ask me about advantages and disadvantages, I can only think that this way gives you a more easy way to control the parts of your domain that you want to be secured (by a single .htaccess file in the root of your site).

 

As I told you earlier, I am not expert in this field, but if I were about to create a sub domain named store, and if my store were physically located in /catalog/ folder, and If I don't want to move that folder because configuration issues or any reason, then I 'll do something like the following:

 

- change the includes/configure.php and admin/configure.php to:

 

  define('HTTP_SERVER', 'http://store.mysite.com');
 define('HTTPS_SERVER', 'https://store.mysite.comt');
 define('DIR_WS_HTTP_CATALOG', '/');
 define('DIR_WS_HTTPS_CATALOG', '/');

 

(leaving the others values as they are). This is required to the function tep_href_link() and others to work properly.

 

- use mod_rewrite to make that any request to store.mysite.com/anything get processed to the catalog folder

 
RewriteCond %{HTTP_HOST] store.mysite.com/(.*)
RewriteRule catalog/%1 [NC,L]

 

- use mod_rewrite to redirects all the requests link http://mysite.com/catalog/anything

 

 # The first line is to prevent internal redirections, like from store.mysite.com/anything to catalog/anything
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^catalog/(.*) [url="http://store.mysite.com/$1"]http://store.mysite.com/$1[/url] [R=301,NC,L]

 

 

I've not tested it. So ask to someone expert for more information and bug fixes. Maybe if you search on internet by "mod_rewrite forum" you can find the right people to ask this.

 

When you got it, please post the correct way to do it for reference.

 

Regards,

[newosguy]

When you got it, please post the correct way to do it for reference.

 

Regards,

 

 

Absolutely I will, I'll look into this and post all results until its solved.

 

Im going to take it 1 step at a time.

 

when you say: "change the includes/configure.php and admin/configure.php" I do see "includes/configure.php" -----I don't see: "admin/configure.php" only admin/includes/configure.php or admin/configuration.php

 

 

 

As well, I did notice in includes/configure.php

 

define('ENABLE_SSL', false);

 

should that be true?

[newosguy]

https://www.store.xxxx.com is now accessible but on certain browsers the CSS and images are blown out and none of the links are right.

 

 

It amounts to the fact that I don't have it set up right.

 

I appears that the mod_rewrite is working but images and links and pages within the "catalog" folder (which is the entire OSC store) are not subsequently configured right.

 

Im guessing I have to now modify the php but:

 

If I remove the store and install clean -and during setup use- https://www.store.xxxx.com -instead of- http://www.xxxx.com

 

 

 

still installing to: xx/catalog -will that solve everything?

[jamartin]

As well, I did notice in includes/configure.php

 

define('ENABLE_SSL', false);

 

should that be true?

 

Yes... I made a typo.. sorry... This kind of typos usually occurs.

 

https://www.store.xxxx.com is now accessible but on certain browsers the CSS and images are blown out and none of the links are right.

I've tried to access right now to see CSS issue, but it tells me about a Error Code 12263 or something like that. I wonder if xxxx.com is the right domain.

 

Im guessing I have to now modify the php but:

 

If I remove the store and install clean -and during setup use- https://www.store.xxxx.com -instead of- http://www.xxxx.com

 

still installing to: xx/catalog -will that solve everything?

 

As long as I think, yes, it should solve the problem. However, I've never done that, so I cannot be sure.

 

Regards,