Different domain to serve https:// site

[apeisa]

We host all our customers sites, and in our current cms we use different domain for https:// access. That is because that way we don't have to order and manage certificates for each of our sites. If the site is http://www.example.com then our secure address for that site would be https://example-com.cms.fi.

This has worked great on our old cms (only "negative" thing is that sometimes those *.cms.fi addresses get copied, but they always work of course).

Now I am thinking of doing similar thing with pw. How should I approach this? Any clues or has anyone done anything similar?

[ryan]

Have you tried it? I think it should work out of the box. At least, I can't think of any reason why it wouldn't. Let me know of any specific areas of concern.

The only thing I can think of that may have to be a consideration is the https vs. http settings for each template. If you access a page on an http addr using an https-only template, it will redirect to the same URL but with https. That may not be a problem. But if you find it's creating any issues, you can always leave the template set at the default (which is to accept traffic from both https and http), and then perform your https check in your template using $_SERVER vars.

[apeisa]

I haven't tried it yet. What I was thinking that might cause problems is that http / https -setting. But sounds like a good solution just to ignore that and use own script to determine what domain to use. Currently we use https:// every time user is logged in (or in a login page).

I will let you know how it goes. We are not yet sure what to use as a domain name here. Are you ok with domain name like pwire.fi? We don't want to use our company name there, since there would be two organisations in url, like https://clientname-fi.avoine.fi

[ryan]

PW will adapt wherever you put it, whether on a subdirectory, different domain, subdomain, etc. You don't have to tell it anything about where it's running because it figures it out at runtime. It's a little harder to design the CMS that way (which is why most CMSs don't do it), but I think it's well worth it. Likewise, it doesn't care whether it's being accessed by HTTPS or not unless you specify that you only want one or the other in your template settings. Because you are using a different domain for HTTPS, you'll want to skip using that template setting and instead do this:

To detect if the request is coming from an HTTPS connection:

<?php
if($config->https) {
    // user is on an HTTPS connection
} else {
    // regular HTTP
}

If you wanted to logged-in users to always redirect to the same page at a different domain, you'd do this:

<?php
if($user->isLoggedin && !$config->https) {
    // redirect to the same page at the alternate https domain
    $session->redirect("https://clientname-fi.pwire.fi" . $page->url); 
} else {
    // user is in the right place
}

You probably want to put that in some universal/header include file so that you don't have to code it in more than one spot.

[apeisa]

Yes, sounds very straightforward. Thanks for your help here. Will implement this in month or two, before Christmas anyway.