SSL / HTTPS and overall application / virtual host layout

[Wuhtzu]

Hey

 

This is a rather broad question, but I hope I can get some good advice from all you fine coders on this forum.

 

I have recently purchased a secure certificate for my host name (secure.mydomain.dk) because I wanted to get acquainted with the whole secure http concept but I have run into some major questions regarding how to layout an application (and virtual hosts on my apache webserver) which only requires for example the login, check out or similar to be done via https...

 

For example, the virtual host handling request for secure.mydomain.dk could point at the same directory as mydomain.dk, that would allow scripts to be accessed via both http and https, but it would also allow scripts which should only be accessed via https to be accessed via http which is not intended. The virtual hosts could also point at different directories, but then the application would have to be split up, e.g. the login scripts being served from one directory and the rest from another. That would cause some head eggs if one used a framework I could imagine...

 

So I would love some general advice / theory about how to lay such an application out. How do you guys do it ect.? What virtual hosts would you setup, what should directory should be their web root ect.? Experience from both large projects and smaller projects are more than welcome.

 

Please let me know if this is simply too broad and if I need to be more specific

 

Regards Wuhtzu

 

[Daniel0]

You could store it in the same folder. Then check the host name on all pages. If it's note secure.mydomain.dk but it has to be, then redirect and vice versa.