Hostgator shared SSL with admin directory - how?

[Siamed]

Just installed CMS MS over at hostgator and completed all of the steps for securing the site but am having an issue with accessing the admin directory via SSL.

Hostgator makes you access sites using their shared SSL via https://servername.hostgator.com/~username/.  This works fine for accessing the homepage, but clicking on any links redirects the browser to https://www.domain.com/abc/xyz which doesn't work with hostgator using their shared cert, you must pay them to install an SSL cert to use SSL with your domains URL.  The same thing obviously happens when accessing the admin directory, which actually redirects to https://www.domain.com/admindir before the index.php loads up in the browser.  I did add an .htaccess to the admin directory to mod_rewrite requests to https, but beyond this I'm at a loss.

Is there a way to fix this inside the admin pages, the .htaccess file in the admin directory, or some other method?

[Siamed]

Digging around here all day and found this, but still no success.

This post describes a way to fix it, but I couldn't get it working. 
http://forum.cmsmadesimple.org/index.ph ... 475.0.html
The main page loads as https but all subsequent pages are over http.  I tried to use the following mod_rewrite in an admin folder .htaccess file to fix this, but I still get a pop saying I am sending unencrypted and the login page just reloads as if my username or password were bad but with no error stating that. 

Code: Select all

# force all access to /admin to SSL protected page
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

This post has a dev saying he's going to implement a way to do this, but no follow up and no idea if, where, and how it's been "implemented".
http://forum.cmsmadesimple.org/index.ph ... 750.0.html


Tried to see if there would be anything useful in the FAQ/HTTPS section of the wiki, but don't know enough to combine whatever is here with the first link above.
http://wiki.cmsmadesimple.org/index.php/FAQ/HTTPS

I'd think this would be a common configuration, unless many people are purchasing SSL certs and paying their host extra just to use SSL for the admin area of their site, or are simply not using secure sockets when accessing the admin area.

If this was implemented years ago I'd think there would be some documentation about it. Perhaps there is and I just can't find it?

[minneapolis_dan]

Me too, I'm trying right now to figure this out with a shared SSL.  I can cut and paste the sample code given in to my admin folder:

Code: Select all

  # force all access to /admin to SSL protected page
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

But I think there's a corresponding change I need to make in my config.php file too? For me, the secure URL would be like this: https://secure.netsolhost.com/mysite.co ... older 

but the config.php file takes that back to the default $config['root_url'] . Anyone know what to do?

[fungiblename]

I solved it this way - it's not particularly pretty, but it will let you login and make changes securely if you don't want to purchase private SSL. No need to fiddle with .htaccess either.

First, place the following into your config.php (replacing "domain.com", "username" and "cmsdirectory" with your values):

Code: Select all

$config['root_url'] = 'http://domain.com/cmsdirectory';
if(isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on')
{
$config['root_url'] = str_replace('http://','https://domain.com/~username/',$config['root_url']);
}

Then, edit admin/login.php to include a link at the bottom to your secure page, so if you go to

Code: Select all

http://domain.com/cmsdirectory/admin

there will be a link at the bottom to this:

Code: Select all

https://domain.com/~username/cmsdirectory/admin/

If your DNS is correctly configured, this should work unless HostGator has changed their policies lately (I broke down and bought private SSL a couple of months ago to make life easier for other projects). If you have other people accessing the CMS and you don't trust them to click on the link, then try an .htaccess solution that will redirect users to https://domain.com/~username/cmsdirectory/admin

I don't know much about .htaccess (mainly I copy and paste from other people), so if you really want to play around with .htaccess, see http://www.askapache.com/htaccess/apache-htaccess.html. Note: I'm not affiliated in any way with that link and can't vouch for its accuracy, but some of the stuff seems to work with HostGator