I cant find any exactly similar topic ..., im not sure if my configuration is fine.
I inherited those settings from my predecessor, and part of them look little strange.
We are using https, phpbb 3.3.3, php 7.4, the server has SSL certificate.
All hosting names are taken as examples "out of the blue" to be more simple. "No servers were harmed ..."
We have hosting on provider lets say "hoster.com"
Hosting addrees will be :
best.hoster.com
and domain name is different for ex.:
board.com
On hosting:
best.hoster.com
we have catalogs:best.hoster.com/production
best.hoster.com/mirror1
best.hoster.com/mirror2
All catalogs (and main catalog) has .htaccess files with:
Code: Select all
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
board.com
management panel (from domain hosting side) we have redirections:1.
board.com
pointing to -> best.hoster.com/production
as main domain redirection 2.
test1.board.com
pointing to -> best.hoster.com/mirror1
3.
test2.board.com
pointing to -> best.hoster.com/mirror2
I would kindly ask you to confirm exact cookies and server configuration, to be sure that those are ok.
A)
First thing is i can go to address
https://board.com
and it will stay that way, without "www" is that ok?I have checked, that on
https://www.phpbb.com
if i delete "www" part it will momentarily redirect me to https://www.phpbb.com
.In my installation it let me stay either on https://www or only https://.
Is it relevant in such multi environment setup and from secure cookies perspective? I was reading that it could be relevant in such config as mine.
Server settings:
On all installation i have "forced server protocol set to: disabled -> as it is redirected by .htaccess file.
General question is: are we going by domain naming here, or hosting names? or perhaps we have to mix something?
B)
On production Server i have settings set (which works):
Code: Select all
Server
domain name to: [c]www.board.com[/c] (which is domain name)
port blank ( 0 to be exact, i cant set it to blank)
path to script: '/'
Cookies:
cookies domain : .board.com (domain name with dot at beginning)
cookies path: '/'
cookies secure : enabled
Could it, or should be done in different way? by hosting names? Something like:
Code: Select all
Server
domain name to: [c]www.best.hoster.com[/c] (which is server/hosting name) -> should it be with www. prefix?
port blank ( 0 )
path to script: '/production'
Cookies:
cookies domain : .best.hoster.com (server/hostin name with dot at beginning)
cookies path: '/production'
cookies secure : enabled
C)
The mirrors... those are configured by hosting name... my quess is, that should be changed...
Code: Select all
Server
domain name to: [c]best.hoster.com[/c] (which is domain name)
port blank ( 0 to be exact, i cant set it to blank)
path to script: '/mirror1'
Cookies:
cookies domain : best.hoster.com (domain name with dot at beginning)
cookies path: '/' <- nothing here , should it be -> '/mirror1'?
cookies secure : enabled
When im on https://board.com i can see some extra controls i guess because of mchat on address bar (its about allowing/disallowing extra sound etc): When i change to https://www.board.com it disappears What are best practices in such environment?
How to configure it in order to make sure that sessions from different boards will not mix? Or messed up other way?
I hope I have described my problem logically and clearly
I will be grateful for any help.
Best regards!
Testingmro