Forum OpenACS Development: More host_node_map, selective SSL?

Posted by Dave Bauer on
We are serving multiple sites from one OpenACS instance. The main subsite requires SSL for login. We want to not require SSL for the subsite that is mapped with the host_node_map.

Right now there is an ACS Kernel parameter to restrict login to SSL.

I can think of two solutions: 1) add a parameter to acs-subsite for RestrictLoginToSSLP, or 2) add an additional column to the host_node_map table.

Does anyone have any ideas? How useful would this be generally?

Posted by Dave Bauer on
Another issue is login authorities. I may want to enable an authority per subsite.
Posted by Tom Jackson on
Isn't SSL/https restricted at most to one per IP? I don't think you can rely on using the Host header with SSL since it is encrypted. I hope I'm wrong, because that would essentially limit any site which wants to use SSL on more than one subsite.

Although maybe there is a trick with getting AOLserver to listen on more than one IP, both mapped to the same virtual server. SSL would use the IP:Port of the socket to get into OpenACS, then OpenACS would do the host node mapping.

It looks like SSL is set up with the virtual server, and may not need a pre-bind for the IP:Port, or at least for the port. But that means you would still have to use a virtual hosting configuration for the non-SSL connections to the same host.

Anyway, it doesn't look like you can come up with an OpenACS only solution to this, somehow the AOLserver configuration will need to track what is happening in OpenACS.

Does anyone run SSL with OpenACS subsites for more than one domain?

Posted by Dave Bauer on
Tom,

You can set up AOLserver to listen on multiple IP addresses, and you can also add an additional SSL context to respond on an additional IP address.

Overall, it looks like for my particular case, setting this up as a subsite is too complex and it will be easier to set up a separate OpenACS install.

Posted by Tom Jackson on
Dave,

Exactly, you can have multiple IP addresses pointing to one OpenACS instance but overall it looks too difficult to provide an OpenACS only solution to your situation. Admins will need to get their hands dirty.

It would still be interesting to hear from anyone running SSL for multiple domains on one OpenACS instance using subsites.