Does anybody know if it is possible to implement SSL over just one site defined in a Rhythmyx 6.5.2 installation. We have a number of sites which are all edited by internal staff but we want to add a new one which can be edited by staff in China. We would want SSL for this but not for our other sites. The best way to do this would be 1) below but 2 and 3 are less good alternatives. I would welcome any input.
The only way I could see to do something like #1 is to use the ‘logged in’ community as the indicator that SSL was desired (assuming the communities were linked 1to1 to sites.) No mechanism to force ssl like this is provided. However, this doesn’t really seem like the right solution for this case anyway.
What you have is a group of people you want to force to ssl. #2 seems like the best solution. The non-ssl port is not exposed thru the firewall, only the ssl port is. This forces anyone outside to use ssl, while anyone inside can use non-encrypted access.
If the goal here is to require different group of user to access the server via SSL, look at the <Connector> nodes in the jbossweb-tomcat55.sar/server.xml. With a combination of firewall configuration and this file, you should be able to restrict users from certain locations on the internet from accessing the server without SSL.
This isn’t really “Site” centric, but it sounds like it will do what you need.
This is a version of your option 2: different connectors for different users.