Securing the login process of Drupal

As I like to have secure logins even on my private web page (my paranoia), I was looking for a simple solution to use HTTPS for the login process. And, as always, it got more complicated than I expected. So, for everyone who is interested:

  1. I tried the Secure Pages module, which wasn't working for me. Don't ask why; I finally got tired of configuring it.
  2. I found a configuration error in my Apache VirtualHosts: ServerAlias tags just use hostnames WITHOUT port numbers (for more info see the Apache VirtualHost explanation).
  3. This blog entry (that was posted on my birthday, by the way) helped a lot.

And that's what I have done:

  • In all VirtualHosts of Apache I removed the port numbers from the ServerAlias tags
  • Added a new VirtualHost for HTTPS like:

    <VirtualHost *:443>
        ServerName www.tuquoc.org:443
        # BlaBla General Config BlaBla
    </VirtualHost>

  • Edited the existing default VirtualHost for HTTP and added the following:

    RewriteEngine On
    # Only redirect requests that arrived over plain HTTP.
    RewriteCond %{HTTPS} off
    RewriteRule /(PATH1|PATH2|PATHS THAT SHOULD BE HTTPS) https://%{HTTP_HOST}%{REQUEST_URI} [R]

    # Enforce SSL for user login and administration.
    <LocationMatch "/(PATH1|PATH2|PATHS THAT SHOULD BE HTTPS)">
        SSLRequireSSL
    </LocationMatch>

PATH1|PATH2|PATHS THAT SHOULD BE HTTPS has to be replaced by the paths for which the web server should switch to HTTPS.

Et voilà: a simple solution that has come a long way, baby.
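To check which requests the rewrite above actually moves to HTTPS, here is an added example (not part of the original post) that models the RewriteCond/RewriteRule pair in Python. It assumes user|admin as the protected paths and a placeholder host; ANCHORED_RULE is a hypothetical tighter pattern, and Python's re module stands in for Apache's regex engine.

```python
import re
from urllib.parse import urlsplit, parse_qs

PROTECTED = "user|admin"  # assumed stand-in for PATH1|PATH2|...
PAGE_RULE = re.compile("/(" + PROTECTED + ")")            # pattern as written in the post
ANCHORED_RULE = re.compile("^/(" + PROTECTED + ")(/|$)")  # hypothetical tighter variant

# Constructed sample requests (www.example.org is a placeholder host).
SAMPLE = [
    "http://www.example.org/user/login",
    "http://www.example.org/admin/settings",
    "http://www.example.org/?q=user/login",         # Drupal URL form with clean URLs off
    "http://www.example.org/files/user-guide.pdf",  # ordinary content
    "https://www.example.org/user",                 # already on HTTPS
]

def redirect_target(url, rule=PAGE_RULE):
    """Return the Location the rewrite would send, or None if served as-is."""
    parts = urlsplit(url)
    if parts.scheme == "https":        # RewriteCond %{HTTPS} off
        return None
    if not rule.search(parts.path):    # RewriteRule sees the path only, never the query string
        return None
    query = "?" + parts.query if parts.query else ""  # mod_rewrite re-appends the query string
    return "https://" + parts.netloc + parts.path + query

def names_protected_path(url):
    """True if the path, or Drupal's q= parameter, points at a protected page."""
    parts = urlsplit(url)
    q = parse_qs(parts.query).get("q", [""])[0]
    return any(ANCHORED_RULE.search(p) for p in (parts.path, "/" + q))

def still_plain_http(urls, rule=PAGE_RULE):
    """Protected pages that the rule leaves on plain HTTP."""
    return [u for u in urls
            if urlsplit(u).scheme == "http"
            and names_protected_path(u)
            and redirect_target(u, rule) is None]

if __name__ == "__main__":
    for u in SAMPLE:
        print(u, "->", redirect_target(u))
    print("left on HTTP:", still_plain_http(SAMPLE))
```

The ?q=user/login request stays on HTTP under either pattern because the path part is just "/", so with clean URLs disabled the login page is not covered; the unanchored pattern also redirects /files/user-guide.pdf, which is harmless but broader than intended.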

Update: If you are using tags in the blog entries, the fancy AJAX-Show-Possible-Tag feature isn't working quite well. When editing blogs under HTTP it works; under HTTPS it doesn't. I found out that you can choose with the base_url variable in settings.php under which protocol it should work. So, if the base_url starts with http:// it will work with HTTP, and if it starts with https:// it will work with HTTPS.