Hi,
I have an octopus instance which has SSL and nginx SSL enabled as there is a chance that the client may want an e-commerce site at somepoint in the future. Unfortuneatly this seems to mean that all sites on the platform are available via http:// and https:// and the server / domain is setup with self-signed certs at the moment so it causes a big warning to appear when navigating to the site using https://.
The client does not want SSL for this specific site so is there any way to stop the server from serving the https:// requests or redirecting them back to a non-secure connection? This only came to light because they received a message from their webmaster account that the site is reachable as a secure connection using an untrusted certificate.
I guess I could disable SSL completely for the octopus instance but that would mean I would need to use a separate instance for the ecommerce sites as and when they want them.
TIA,
JamieT
Comments
Comment #1
omega8cc CreditAttribution: omega8cc commentedYou would need to add an extra IP with local HTTP-only proxy and change this domain DNS A record to point it to this extra IP. This will get it out of the reach of the default SSL proxy with self-signed cert.
Comment #2
omega8cc CreditAttribution: omega8cc commentedAlso, we don't support or recommend the Aegir built-in SSL features (yet).
Comment #3
jamiet CreditAttribution: jamiet commentedThanks for the update (sorry for the delay in responding my email notifications on d.o were not set correctly). I'll take a look at your suggestion.
Out of interest your comment about BOA not supporting Aegir native SSL - does this mean the BOA SSL magic is there by default on all octopus instances and there is no need to enable the SSL/nginx SSL support features under hosting->features within the Aegir control panel?
TIA,
JamieT
Comment #4
omega8cc CreditAttribution: omega8cc commentedYes, it is explained in the how-to: http://drupalcode.org/project/barracuda.git/blob/HEAD:/docs/SSL.txt