SSL + multistore configuration problem

Hi,

I have a problem with configurating my multistores. I have domain1 as default store and domain2 pointing (direct admin) to my default store but my default store shows up.

My domain1 has https:// and my domain2 has http://. How do I set up my .htaccess because I think this file is causing the problem.

At this moment I have this code in my .htaccess:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain1/$1 [R=301,L]

RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

I hope someone can help me

I have a very similar issue as this.

If I remove the

RewriteRule ^(.*)$ https://www.domain1/$1 [R=301,L] (using #)

The multistore function works.

Other users are stating that their installations with both secured domains and non secured domains are working.

Can anyone advise what should be in .htaccess

sooty wrote:I have a very similar issue as this.

If I remove the

RewriteRule ^(.*)$ https://www.domain1/$1 [R=301,L] (using #)

The multistore function works.

Other users are stating that their installations with both secured domains and non secured domains are working.

Can anyone advise what should be in .htaccess

Do you have the domain name hard coded in the line above? If so, that is your problem.

I use a dynamic link: and everything works properly for me.

labeshops wrote: Do you have the domain name hard coded in the line above? If so, that is your problem.

I use a dynamic link:

Code: Select all

RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

and everything works properly for me.

this is what I've actually got at the moment

RewriteRule (.*) https://www.domainA.com/$1 [R,L]

When I tried the "RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]" nothing works and I get an extra set of "www." in the URL bar.

It is obviously something in the structure of this rule. I am now reading the Apache manual, but my old brain is not absorbing stuff like it used to!

labeshop, thank you for your help, it is appreciated

Hi labeshop

can I ask what the line above is? the RewriteCond line

Cheers

Sooty

I think it changes non www to www. on my domains, but honestly, not sure. Not good with the htaccess code stuff.

That line of code does direct all non www requests to www

If you're using a line referencing port 80, you're trying to force the entire site to use SSL.

What type of certificate do you have? If it's a UCC SAN certificate, you must have them setup for the full domain (www.yourdomain.com vs. yourdomain.com). A UCC SAN certificate does not cover both non www and www address by default. These are 2 separate SAN's.

Hope that's not too confusing.

don't under estimate how deep you may need to go to get this working. I have now got this working but it has taken much frustration on my part. I've exhausted the knowledge of a hired expert and drawn blanks from the posts and responses on the forum. All of the help I have appreciated.

In the end I asked the tech support people at my hosting provider if they would have a look even though they normally drawn the line at "fixing website issues" and we do now have a working system.

Bear in mind that on the same hosting package, I have 2 Opencart installations running, both 1.5.x. One has an SSL on the primary domain and the other does not. The installation without the SSL supports multistore without any trouble at all.

The other one, our main installation, does have SSL certificate on the primary and has been the one that has been a right "cow". Every additional domain now needs an SSL, we are currently testing with a free self-signed certificate.

Our hosting is on a proper PCI DSS compliant server and it is the additional security in place via modsecurity, once an SSL is installed, that has caused our issues. It has been resolved by changes to .htaccess but also to modsecurity rule settings. Some hosts that do not specifically list their servers as PCIDSS compliant, turn off all the modsecurity rules so that everything runs without issue, but at the expense of security. Tech Support at our host has modified the necessary rules to allow multistore to run, whilst not significantly reducing server security on our primary Opencart directory.
Tech Support have already advised that they will need to make further changes when we add further multistore domains.
http://www.modsecurity.org/
modsecurity can normally be accessed via cPanel, but please do not ask me how to configure it, I have no idea. I'm not even sure whether it is user modifiable or has to be done from the hosting providers side.

It always was our intention to install SSL's on all of our shop domains anyway, so having to have on the secondary domains is not a problem to us. It is now becoming "expected" in the UK that shop sites are secured by SSL especially when customer details are stored. And to be honest, I don't use online shops that don't have them.

So, in a nutshell, if your hosting allows you to set up multistore with a mix of SSL and non-SSL domains without any hassle, you need to check the server is actually PCI DSS compliant!