Galaxies sites and SSL

As of Continuum CMS #40, 13.8.0 and above, the following protocol options are supported:

http
subdirectory
http
subdomain
http
domain
Windows
Windows
offloaded SSL
Linux
Linux
offloaded SSL
https
subdirectory
https
subdomain
https
domain
Windows [2] [1]
Windows
offloaded SSL
[2] [1]
Linux
Linux
offloaded SSL

SSL certificates, and associated files are not content managed and must be uploaded by a server administrator.

On Windows installations, SSL must configured on the server using the appropriate IIS interface.

Notes

  1. Requires Subject Alternative Name (SAN) certificate on IIS 7.5. Further information on binding multiple sites on same IP address and Port in SSL on IIS. IIS 8 allows multiple SSL certificates to be supported on the same IP/Port using Server Name Indication (SNI).
  2. Require use of a wildcard or Subject Alternative Name (SAN) certificate on IIS 7.5.

Enabling galaxies sites SSL configuration

Linux

  1. Add the following elements to <JADU_HOME>/config/constants.xml.
    • <galaxies_ssl_enabled>1</galaxies_ssl_enabled>
      Set value as 1 to enable SSL galaxies sites and 0 in all other cases.
    • <galaxies_ssl_port>443</galaxies_ssl_port>
      The value of SSL port should be adjusted according to your systems configuration eg. 8443 when SSL is offloaded.
    • <galaxies_offloaded_ssl>0</galaxies_offloaded_ssl>
      Set the value to 1 if SSL is offloaded, and 0 in all other cases.
  2. Clear application config cache
  3. Duplicate <JADU_HOME>/microsites/templates/apache/vhost.cfg and rename vhost-ssl.cfg.
  4. Add %SSLFILES% to vhost-ssl.cfg with in the <VirtualHost> element.
  5. Open /etc/httpd/conf/httpd.conf and add NameVirtualHost *:443 or NameVirtualHost *:8443 depending on your SSL port number.
  6. Create a blank file, <JADU_HOME>/var/galaxies_vhosts_ssl.conf and set user, group and permissions on file such that the apache user can read the file, and the application user can write to the file.
  7. Open /etc/httpd/conf/www-domain-com-ssl.conf and change the last line from Include <JADU_HOME>/var/galaxies_vhosts.conf to Include <JADU_HOME>/var/galaxies_vhosts_ssl.conf

To force all site traffic to use HTTPS, follow the instructions in To force all site traffic to use https

Windows

  1. Confirm that <JADU_HOME>\microsites\templates\apache\vhost.cfg file is present.
  2. Publish your galaxies site.
  3. Navigate to IIS Manager
  4. Select the galaxies site from Sites list (in the left menu)
  5. Right click on the site entry and select "Edit Bindings"
  6. Select https from the dropdown list
  7. Add the hostname and binding to the SSL port eg. 443
  8. Select the SSL certificate from the SSL certificate dropdown
  9. Save
  10. Restart the site's application pool, or restart IIS for the changes to take effect.

To force all site traffic to use HTTPS, follow the instructions in To force all site traffic to use https

Adding binding to a site in IIS

results matching ""

    No results matching ""