You could however, <div><br></div><div>Use Name based Virtualhosts (like <a href="http://kohaapoc.yourlibrary.com">kohaapoc.yourlibrary.com</a> and <a href="http://kohastaff.yourlibrary.com">kohastaff.yourlibrary.com</a>) and run both on port 443 for secure. To do this you'll either need two certificates (one for each domain) or a SAN shared certificate with both domain names in it.</div>
<div><br></div><div>An example http.conf might look like (assuming the two certificate approach);</div><div><br></div><div><div>## OPAC Default Access</div><div><VirtualHost <a href="http://127.0.1.1:80">127.0.1.1:80</a>></div>
<div> DocumentRoot /home/koha/kohaclone/koha-tmpl</div><div> ServerName <a href="http://kohalibrary.halton.gov.uk">kohalibrary.halton.gov.uk</a></div></div><div> . . . </div><div><div></VirtualHost></div><div>
<br></div><div>## OPAC Secure</div><div><VirtualHost <a href="http://127.0.1.1:443">127.0.1.1:443</a>></div><div> DocumentRoot /home/koha/kohaclone/koha-tmpl</div><div> ServerName <a href="http://kohalibrary.halton.gov.uk">kohalibrary.halton.gov.uk</a></div>
</div><div> . . .</div><div><br></div><div><div># SSL Setup</div><div># CA Root and Intermediate Certificates</div><div> SSLEngine On</div><div> SSLCACertificatePath /etc/apache2/ssl/certs/</div><div> SSLCACertificateFile /etc/apache2/ssl/certs/gs_combined_ca.crt</div>
<div><br></div><div> SSLCertificateFile /etc/apache2/ssl/certs/kohalibrary.crt</div><div> SSLCertificateKeyFile /etc/apache2/ssl/certs/kohalibrary.key</div><div><br></div><div></VirtualHost></div></div><div><br>
</div><div><div>## Intranet Secure</div><div><VirtualHost <a href="http://109.75.173.120:443">109.75.173.120:443</a>></div><div> DocumentRoot /home/koha/kohaclone/koha-tmpl</div><div> ServerName <a href="http://kohastaff.halton.gov.uk">kohastaff.halton.gov.uk</a></div>
</div><div> . . . </div><div><div># SSL Setup</div><div># CA Root and Intermediate Certificates</div><div> SSLEngine On</div><div> SSLCACertificatePath /etc/apache2/ssl/certs/</div><div> SSLCACertificateFile /etc/apache2/ssl/certs/gs_combined_ca.crt</div>
<div><br></div><div> SSLCertificateFile /etc/apache2/ssl/certs/kohastaff.crt</div><div> SSLCertificateKeyFile /etc/apache2/ssl/certs/kohastaff.key</div><div></VirtualHost></div></div><div><br></div><div><br></div>
<div><br><div class="gmail_quote">2011/5/8 Mizst Audens <span dir="ltr"><<a href="mailto:mizstik@gmail.com">mizstik@gmail.com</a>></span><br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div>No, it's not possible due to the limitation of the architecture. A port can serve only http or https but not both at the same time.</div><div><br></div><div>The transparency of http/https in normal websites is due to the standardization of port 80 and 443. (port 80 runs http, and port 443 runs https, so each port only runs one type of connection) When you don't use these standard ports, you will need to specify the correct combination of protocol and port in order to reach a service.</div>
<div><br></div><font color="#888888"><div>--Mizst</div></font><div><div></div><div class="h5"><br><br><div class="gmail_quote">On Sun, May 8, 2011 at 12:33 PM, Altaf Mahmud <span dir="ltr"><<a href="mailto:altaf.mahmud@gmail.com" target="_blank">altaf.mahmud@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Is it possible to use port 8080 for both purposes (HTTP and HTTPS)? Actually, I just wanted to secure port 8080, can I do that?<br><br>Thanks a lot!<div><div></div><div><br><br><div class="gmail_quote">On Sat, May 7, 2011 at 8:34 PM, Mizst Audens <span dir="ltr"><<a href="mailto:mizstik@gmail.com" target="_blank">mizstik@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex">You must create another virtual host at another port (for example, 8081) for the staff area and enable SSL for that virtual host, and it will require another SSL certificate. Your staff will need to use (example) <a href="https://127.0.1.1:8081" target="_blank">https://127.0.1.1:8081</a> if they want to use SSL, and <a href="http://127.0.1.1:8080" target="_blank">http://127.0.1.1:8080</a> if they don't want to use SSL.<div>
<br></div><div>Note that <a href="https://127.0.1.1" target="_blank">https://127.0.1.1</a> is in fact an alias for <a href="https://127.0.1.1:443" target="_blank">https://127.0.1.1:443</a>. You already used 443 for the OPAC, so you'll need another port for the staff.<br>
<div><br></div><div>--Mizst<br><div><br><br><div class="gmail_quote"><div><div></div><div>2011/5/7 Altaf Mahmud <span dir="ltr"><<a href="mailto:altaf.mahmud@gmail.com" target="_blank">altaf.mahmud@gmail.com</a>></span><br>
</div></div><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204, 204, 204);padding-left:1ex"><div><div></div><div>
Hello,<br><br>I'm trying to implement SSL in my Koha server running on Debian 6.0 (squeeze). I've implemented it for my OPAC view, I've created another file 'koha-ssl' in ../apache2/sites-available/ directory and enabled it. I've edited ../apache2/sites-available/koha like following:<br>
<br>NameVirtualHost *:80<br><VirtualHost <a href="http://127.0.1.1:80" target="_blank">127.0.1.1:80</a>><br clear="all"><br> .....<br> .....<br><br></VirtualHost><br><br>And ../apache2/sites-available/koha-ssl like following:<br>
<br>NameVirtualHost *:443<br><VirtualHost <a href="http://127.0.1.1:443" target="_blank">127.0.1.1:443</a>><br>
.....<br><br> SSLEngine On<br> SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem<br> SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key<br> <br>
.....<br></VirtualHost><br><br>Now <a href="https://127.0.1.1/" target="_blank">https://127.0.1.1/</a> is showing the OPAC. But I can't figure it out how to implement it for staff-view <VirtualHost <a href="http://127.0.1.1:8080" target="_blank">127.0.1.1:8080</a>> <br>
Request for port 80 is redirecting to port 443, how can I do that for port 8080? In fact, I don't have any prior idea on doing this; a descriptive suggestion is appropriate for me.<br><br>Thanks.<br><font color="#888888"><br>
<br><br>-- <br>
Altaf Mahmud<br>System Programmer<br>Ayesha Abed Library<br>BRAC University<br>Bangladesh.<br><br>
</font><br></div></div>_______________________________________________<br>
Koha mailing list <a href="http://koha-community.org" target="_blank">http://koha-community.org</a><br>
<a href="mailto:Koha@lists.katipo.co.nz" target="_blank">Koha@lists.katipo.co.nz</a><br>
<a href="http://lists.katipo.co.nz/mailman/listinfo/koha" target="_blank">http://lists.katipo.co.nz/mailman/listinfo/koha</a><br>
<br></blockquote></div><br></div></div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Altaf Mahmud<br>System Programmer<br>Ayesha Abed Library<br>BRAC University<br>Bangladesh.<br><br>
</div></div></blockquote></div><br>
</div></div><br>_______________________________________________<br>
Koha mailing list <a href="http://koha-community.org" target="_blank">http://koha-community.org</a><br>
<a href="mailto:Koha@lists.katipo.co.nz">Koha@lists.katipo.co.nz</a><br>
<a href="http://lists.katipo.co.nz/mailman/listinfo/koha" target="_blank">http://lists.katipo.co.nz/mailman/listinfo/koha</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div>Martin Renvoize</div><div>Software Developer, PTFS Europe Ltd</div><div>Content Management and Library Solutions</div><div><a href="mailto:martin.renvoize@ptfs-europe.com" target="_blank">martin.renvoize@ptfs-europe.com</a></div>
<div>skype: Martin Renvoize</div><div><br></div><div><a href="http://www.ptfs-europe.com" target="_blank">http://www.ptfs-europe.com</a></div><br>
</div>