[resolved] Mapping subdomains with SSL (3 posts)

  1. Eric Mann
    Posted 4 years ago #

    My client is using MediaTemple to host their multisite network. It's currently installed using subdirectories (because that's all we could get to work with MT initially) and various domains/subdomains are mapped to those subdirectories.

    Unfortunately, we now need to use SSL to protect different sites (which are used to generate content for Facebook tabs). We have purchased and installed a wildcard SSL certificate, and it's working for everything except the mapped subdomains.

    When you try to go to https://whateversubdomain.ghmedicalhome.org, it always redirects to the login of the main site in the network (http://dashboard.ghmedicalhome.org).

    I contacted MediaTemple and asked for help there. On a VPS or other private setup, this is an easy fix - you just add a vhost to Apache's conf file listening on port 443 for that subdomain. Their response is below:

    While its certainly possible to use wildcard SSL certificates on the (gs) Grid-Service, due to the shared and clustered architecture of this hosting service, it does have the limitation that the sub-domain will need to have its own directory and or symlink defined within the /domains folder. Its not possible to define custom Apache vhosts.conf files per customer, as Apache is shared amongst all customers on that given cluster.

    The specific issue your facing is due to WordPress handling the sub-domains and sub-directories dynamically. To demonstrate this, I have created the sub-domain; mttest.ghmedicalhome.org in your /domains folder. SSL encrypted requests for this sub-domain resolve as expected to its own content.

    The reason your example of https://ghmobile.ghmedicalhome.org/ghmobile is not resolving correctly, is due to your WordPress configuration and how it is handling your directories dynamically and not related to a functionality of the (gs) Grid-Service.

    Unfortunately, if you require the specific configuration you are referring to, you will need to consider migrating to either a (dv) Dedicated-Virtual Server or (ve) Server. These self-managed hosting solutions provide an isolated environment with dedicated resources and complete root access to be able to install, configure, and modify any core service you require without affecting other customers.

    Any ideas on how to fix this without forcing my client to upgrade? Making them spend $200 for a wildcard cert was a big step ... I'd like to avoid paying for a dedicated solution plus the time it'll take to migrate if I can.

  2. Brian Layman
    Posted 4 years ago #

    Interesting... GS sounds like it really is just a fancy name for standard shared hosting. It just tells you that they are using virtual machines instead of real hardware.

    If you can't use a customized vhost.conf file, there's not much for it. You have to play within the tools they provide.

  3. Eric Mann
    Posted 4 years ago #

    It is shared hosting ... but it's been sufficient for this particular client up 'til now. We're considering moving to a VPS elsewhere.

    A temporary solution was to turn off domain mapping on the sites that needed SSL to meet Facebook's tab requirements (btw, all apps will need SSL by Oct 1).

    The downside, this turns friendly links like http://fb.ghmedicalhome.org/app1/ into http://dashboard.ghmedicalhome.org/fb/app1. Not too bad, but still annoying ... particularly if we ever want to use it for something facing the public (FB app urls are embedded within the site, so no one but me ever sees them).

Topic Closed

This topic has been closed to new replies.

About this Topic