Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

HELP: SSL-access by a separate folder


Guest

Recommended Posts

Hi!

 

I will get a new ISP soon, and I just discovered, that at the new ISP the normal web-access and the SSL-access work by using different folders:

 

/www/home -> normal web-folder

/www/SSL -> SSL-folder (shared-SSL)

 

How does a sollution for this look like ???

 

Do I always have to copy all show-files to both folders then ???

 

(Until now at our old ISP the shared-SSL-url simply pointed to the normal web-folder, and this way it was no problem, to have all data simply in only one folder)

 

Greetings,

Master One

Link to comment
Share on other sites

  • Replies 68
  • Created
  • Last Reply

In both admin and catalog/includes/configure.php

define('HTTP_SERVER', 'http://normal web-folder '); // eg, http://localhost - should not be empty for productive servers

 define('HTTPS_SERVER', 'https://SSL-folder (shared-SSL) '); // eg, https://localhost - should not be empty for productive servers

 define('ENABLE_SSL', true); // secure webserver for checkout procedure?

 

HTH

The_Bear

Link to comment
Share on other sites

@The_Bear

 

Thank's for your answer, but the configuration is not the problem. Maybe I didn't point this our quite well:

 

It is a question about placing the necessary files, because have to use two different web-folders for normal and SSL access, it means when the shop switches to SSL, not only the url changes, but also the web-folder, where the requested files are in.

 

It's the same, as if the show would switch to a complete different server, then using SSL.

 

So I assume, either I will have to copy all shop-files to both web-folders (makes it unhandy, as the shop will need the double web-space then, and I will have to upload to both folders everytime I change something), or I will only have to copy certain files to the SSL web-folder, which are accessed when using SSL.

 

Maybe someone can take a look at this matter and give me some more hints.

 

Sincerely,

Master One

Link to comment
Share on other sites

@The_Bear

 

No, this matter has nothing to do with the certificate itself.

 

Please read again, what I exactly wrote above.

 

The problem is, the ISP gives TWO seperate web-folders for normal and SSL web-access.

 

When I install all OSC files into the normal web-folder (/www/home/), the SSL folder (/www/SSL/) would stay empty. If everthing is configured correctly, the URL for SSL-access (pointing to /www/SSL/) would point to an empty directory then, because all OSC files are in the normal web-folder (/www/home/). If the show switches to SSL, an error would come up, because the requested file using the SSL-URL is not present in the SSL directory.

 

As I understand this is quite common, that different directories are used for normal and SSL access, so there has to be a simply sollution then also.

 

Please, anybody ???

 

Sincerely,

Master One

Link to comment
Share on other sites

Yes i do understand very well what you mean

Go in the search box and write this *shared ssl certificate * (with the asterix) and read around you will see what i mean :wink:

 

HTH

The_Bear

Link to comment
Share on other sites

@The_Bear

 

Nope, sorry, but you are still thinking about something other.

 

I took a look at all available information using the search box, and I come to the following conclusion:

 

Most people are having the wrong idea about shared SSL, because there are two possible ways, a hoster can set up the use of shared SSL:

 

1. Normal-URL & SSL-URL are both pointing to the same web-directory: This is the best sollution, because there is only one folder, where to put all files into, and you only have to enter both URLs in the config.php files. The shop then does the switching without any problem. This seems to be the standard case for most hosters.

 

2. Nomal-URL & SSL-URL are pointing to different directories on the same server or different servers. This is causing the problem, because usually you have all files in your normal web-folder, but to use the shared SSL URL, you will have to copy all shop-files also to the SSL-folder, as both URLs simply access different locations.

 

I am having troubles, because my new hoster is providing sollution #2, so I have a normal web-folder at

 

/www/home

 

and a SSL-folder at

 

/www/SSL

 

This way it is IMPOSSIBLE to simply let all files in only one folder. If I have all files only in /www/home, the switch to SSL using the SSL-URL will lead to the empty /www/SSL folder!!! So it will only work, if all files (as I do not know, which files are accessed using SSL) will be copied to the /www/SSL folder as well.

 

Believe me, there is no other way to make it work, when having two SEPERATE directories for nomal- & SSL-access.

 

If you have a sollution or other hint about this, so how to use this configuration WITHOUT having all files in BOTH folders, please tell me, but without pointing to the search box (which didn't bring up any sollution for this matter on 6 result pages).

 

Of course the idea came up, to set a symbolic link from the SSL dir to the HOME dir, but I thing there is something wrong with this idea, at least the support guy of my new hoster told me this is not possible, but I'll send a support request again, to get an explaination for this.

 

As I have seen, a lot of guys are having the same problem than me, and many times the answers for their questions did not match the question, when someone is talking about TWO SEPARATE DIRECTORIES, and the answer comes up for a sollution when only having ONE COMMON DIRECTORY.

 

As I told you, until now there has no sollution for this matter been published here on this board, and it is getting time, that someone clearifies this up, either by confirming, that the only way is to copy all shop-files to both folders, or by telling, which files have to be present in the SSL folder.

 

I really do not want to copy all files into both folders, as it gets unhandy and will need twice the space than with sollution #1, but I'll have to, if no other hint is comming up.

 

Sincerely,

Master One

Link to comment
Share on other sites

I have a strong suspicion that the simplest way around this is to simply get a new host that is more supportive. I think that they don't like the symlink because they feel it is a security hole. You may want to try pointing out to the sales staff that you will not be able to use them as a host unless they can resolve this. I don't see a better solution for you.

 

Good luck,

Matt

I love deadlines. I like the whooshing sound they make as they fly by. ---Douglas Adams

Link to comment
Share on other sites

@mdfst13

 

I thought, that someone will come up with that hint, but this is not an issue, as the webhosting of my new provider is included in my new internet access package, and it's worth 18,- EURO a month. They offer a nice service, featuring all that's needed for hosting also an osCommerce system including enough web-space, fair-use data-transfer and an email server. Nearly the same service as my former webhost provided at a cost of $25 a month, except that the former webhost also allowed the use of my own SSL certificate for that price.

 

But I have to cut costs, and I don't want to add another webhost for extra costs when I have a webhost feature included in my internet access package for that price.

 

With my new ISP I would have the option of an upgrade to a webhost "plus" package for 24,- EURO extra a month, then I would be able to also use my own cert, but as I do not need the other features (as more web-space and more email addresses) the extra cost is not worth for me of course (24,- EURO each month in addition only for the ability of using my own cert is completely out of question).

 

So I still hope, I can get it running under these circumstances, so with shared-SSL using two separate web-folders.

 

Any more hints anyone ???

 

Sincerely,

Master One

Link to comment
Share on other sites

No new ideas about this matter ???

 

As I already mentioned, a lot of people seem have to have the same problem, but until now, no sollution has been found.

 

If I can save 24,- EURO each month by using a shared-SSL-cert instead of my own cert, I would say I should definitely go this way, if it is technically possible (the shared-SSL-URL doesn't look that bad).

 

If there is no other way, than to copy files in both web-folders, maybe someone knows, which files exactly have to be put in the SSL folder, so that not all files have to remain twice on the server. I have 200 MB included in my webhosting package, so I should have no problems with space also when having to put the whole shop twice on the server, but of course I would like to prevent this.

Link to comment
Share on other sites

Did you find out anything on this ?

 

I have the same problem and I was wondering if I should just move all the shop files over to the secure directory. I tried moving some but because of all the includes and requires it seems that the easiest way would be to move the whole thing over.

Link to comment
Share on other sites

@compmed

 

Yes, until someone tells something about any other sollution, I think the only way is to copy all shop-files to both web-directories.

 

I'll have to wait, because the transfer from my old to the new ISP is not finished, and I also want to wait to start all over again with MS2.

Link to comment
Share on other sites

Would it be ok to have files installed ONLY in secure folder rather than both folders. As you mentioned earlier it makes things messy if all mods had to be duplicated.

Link to comment
Share on other sites

@compmed

 

It may be a good idea, but then you would need a forwarding page which accesses the start page in the SSL folder. I will not go this way due to possible problems with search engines, it also slows down the web-access and the swap from your normal URL to the shared-SSL-URL, which is visible in the browser all the time then (except when using a frame, but this will bring up other problems, as I already found out with earlier experiments). I'd like the shop running normaly, as it was ment to be, so swap to SSL only when necessary.

Link to comment
Share on other sites

Hi there,

 

We are having the same problem with our installation of SSL with our hosting company. Not only do we have to use a searate folder, we have to use a separate domain name and link to gain access to the SSL server. This makes it all but impossible for us to use this implementation of OSCommerce.

 

If we were to use it we would have to copy all of our files over to the SSL side and try to alias the SSL domain name, which really isn't a workable solution.

 

Question: Could this be a possible solution? Create an SSL only folder that contained all of the files and or functions that require SSL, like the checkout and account admin functions. The catalog functions would be in the unsecured folders.

 

The code would need to be modified to represent the links to the new folder designations. I'm not sure what other detailed issues would pop up. I fear that this might require a major rewrite though.

 

If anyone else has any ideas on how to modify the code to make this server configuration work, I'm sure there will be many people who would appreciate it. This is really great software and I would really love to find a way to use it.

Link to comment
Share on other sites

JUST another user having the same problem...

 

and....

 

I've even tried copying all the files in both directories to my SSL site but still have connection errors into MySQL database files...

 

any ideas or clues about this???

 

ANY one with OsCommerce Team willing to address or assist us users with this problem???

 

Help!!

 

David

Thanks in Advance!,

 

David Whitford

Take Offs are Optional, Landings are Mandatory!

Link to comment
Share on other sites

Copying the file in both folders and setting up the config.php files should be no problem.

 

If the SQL access doesn't work, the only way is to contact the hoster and tell him to set up the SQL server to allow access from the machine the SSL folder is on. There is definitely no other way.

 

Good luck,

Master One

Link to comment
Share on other sites

Also just make sure your catalog/includes/configure.php has the following lines

 

define('HTTP_SERVER', 'http://www.yourdomain.com');

define('HTTPS_SERVER', 'https://www.yourdomain.com');

define('ENABLE_SSL', true);

Link to comment
Share on other sites

I've been testing mutlipe carts on different hosts, and I'm finally flipping the switch for SSL as I'm purchasing the certs.

 

But now I'm facing this same problem. Like you I've been digging into the forums for the answers but I keep finding the same unanswered question.

 

I guess you could add me to the list of interested parties. :)

Link to comment
Share on other sites

I still do not have it in use here, but I know now, that my hoster has both directories on the same server, so I do not expect any difficulties, when the shop switches between the two folders, and this way also the SQL access should work fine.

 

The only problem, that remains (at least for me) is, that noone made a statement, which files are exactly needed in the SSL folder (so what files, folders, graphics... are used using SSL access), and as I do not have the time to play that much to find it out by myself, I will have to stick with the sollution of copying all shop files in both folders. Of course I am not happy with this sollution, it's a waste of web-space and bandwith (and time, expecially when having to upload twice after changing something). But that's the only issue, as I will simply upload, all changes are done on a local test-environment.

 

So if anyone knows, which files are needed in the SSL folder exactly, please tell us, this is a major interest.

 

Sincerely,

Master One

Link to comment
Share on other sites

I can forsee having this same problem. I was planning on setting up a secure certificate on my main domain and using it as the secure server for multiple carts on different domains. This would save me from purchasing a cert for each domain. It seems like a great idea in thought, but will it be possible to do?

 

In essence I'll be using the cert on my main domain as if it were a shared SSL. I'd much prefer doing this than having to buy multiple certs. It would be great if someone could give a definitive answer on how to deal with this issue.

 

Right now it looks to me like I would have to install all my carts on my secure server domain and also seperately on each store domain.

If I could only put certain files needed on the secure domain, the only concern I would have with that is whether it would actually work swapping back and forth and accessing the databases etc.. I can't see how that would be possible. Thus we are most likely back to the need to copy the whole cart files and most probably each cart database to the secure domain. Then there is the issure of where to admin the cart from and where would customer account files be kept etc... I could see that becoming a real nightmare.

 

Basically I will be forced to get a secure cert for every store I build.

And that just stinks.

 

Does anyone know if I setup my carts on the secure domain name and then forward my other domain name to it whether it would work? I have other domains that I forward like that and it shows the domain typed in rather than the domain that the files actually reside on. This basically masks the other domains name, but I am not sure this will work when switching back and forth from secure pages to unsecured pages.

I'd really like to figure this out before buying a secure cert. Anyone have ideas or input on this.

Link to comment
Share on other sites

@The_Bear

...

Most people are having the wrong idea about shared SSL, because there are two possible ways, a hoster can set up the use of shared SSL:

 

1. Normal-URL & SSL-URL are both pointing to the same web-directory: This is the best sollution, because there is only one folder, where to put all files into, and you only have to enter both URLs in the config.php files. The shop then does the switching without any problem. This seems to be the standard case for most hosters.

 

2. Nomal-URL & SSL-URL are pointing to different directories on the same server or different servers. This is causing the problem, because usually you have all files in your normal web-folder, but to use the shared SSL URL, you will have to copy all shop-files also to the SSL-folder, as both URLs simply access different locations.

...

Sincerely,

Master One

 

I'm trying to get option 2 to work:

 

my normal-url is: www.ggfantasy.com

my ssl-url is: www.safesite.co.il/safesite/ggg

 

I now have a symbolic link at the ssl folder but I think it is pointing to the wrong place -> /home/ggg/www

 

I do not want to copy all the catalog to the ssl folder.

 

Any thoughts?

Link to comment
Share on other sites

  • 2 months later...

Same problem here, so this is what I've done so far.

The hosting company provided a shared ssl certificate but the directory for the ssl file's (eg login.php) was on a different server. I read the advise in these forums and configured my configure.php to point to http://www.myspace.com.au and https://www.ssl.secured.space.com.au.

When I tested the site and tried to login I got a 'page not found' message. No supprise there, since clicking on the login button causes the site to look for a 'login.php' page, located in https://www.ssl.secured.space.com.au/catalog/login.php as opposed to looking for the same file in http://www.myspace.com.au/catalog/login.php which was the directory before enabling ssl.

So I tediously looked at each error message in turn and copied the required files to the relevent directory on the secure server. Until I got a database error.

This error is caused by trying to access the database from 'localhost'. But the database doesn't reside on the secure server, it resides on the non-secure server.

Setting the path to the database as a full path ie. http://www.myspace.com.au rather than localhost should have solved this but I then got an access denied error.

I checked with the ISP to make sure I had the correct address for the database but I was informed that I could not access the database from a remote server.

So looking at what I had, only 1Mb of secure space to store all the required files (not nearly enough) and no remote database access I decided to take a deep breath and purchase a full certificate.

The certificate will be applied to my domain www.myspace.com.aus soon. So I will be able to start testing once thats done.

One thing worries me though. I have been told that I have to put the secure files in the www.myspace.com.au/https directory as opposed to the existing www.myspace.com.au/http directory. So I may still have the same problems as everyone else and have to duplicate the files.

Link to comment
Share on other sites

  • 1 month later...

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...