3.6.x: http/https with the same RT instance?

Is it possible to provide http and https access to the same RT instance
without running completely separate configuration trees and mason
caches?

I have a setup now where the only difference between the http instance
and the https instance is that the former is defined within a
<VirtualHost *:80> container and the latter is within a container. Most things seem to work seamlessly; the only
exception (and it’s a doozy) I’ve found so far is the “create” button
from the “new ticket in ___ queue” screen. Is there a reason this button
needs to force a canonical URL instead of using a relative?

The reason I’d like to provide plaintext http is to avoid the SSL
performance hit for internal users, but I’d like external users to be
able to connect securely. Do I really need a duplicate setup to do that?

/Ole Craig
Security Engineer

303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)

www.stillsecure.com
. . .

Are you using mod_perl, fastcgi, or fcgid?

Sorry, should have thought to include more info.

CentOS 4.3
perl 5.8.5
FastCGI 2.4.2
apache 2.0.52
mysql 4.1.12

/Ole Craig
Security Engineer

303-381-3802 (main support hotline)
303-381-3824 (my direct line)
303-381-3801 (fax)

www.stillsecure.com
. . .

At Friday 6/9/2006 08:04 PM, Ole Craig wrote:

Is it possible to provide http and https access to the same RT instance
without running completely separate configuration trees and mason
caches?

I have a setup now where the only difference between the http instance
and the https instance is that the former is defined within a
<VirtualHost *:80> container and the latter is within a container. Most things seem to work seamlessly; the only
exception (and it’s a doozy) I’ve found so far is the “create” button
from the “new ticket in ___ queue” screen. Is there a reason this button
needs to force a canonical URL instead of using a relative?

The reason I’d like to provide plaintext http is to avoid the SSL
performance hit for internal users, but I’d like external users to be
able to connect securely. Do I really need a duplicate setup to do that?

I’d be really surprised if SSL caused so much of a difference in
performance that it would be worth the effort of figuring out and
maintaining this setup. Do you have any measurements for the performance “hit”?

Steve