Defect #1145
closed
https - not all links use https but http
0%
Description
I have set up redmine 0.7.0 behind an SSL enabled Apache proxying back to mongrel. Under administration I have set protocol to https and set hostname to my correct hostname but some links go to http: Home, Logout, Login.
Files
Related issues
Updated by Daniel N over 16 years ago
I searched the bugs on redmine.org and found #157 which seems to have related effects but for emails.
Updated by Eric Davis over 16 years ago
This is all based on your Apache settings. The "protocol" and "hostname" in the administration setting are only for email. Check to make sure you have your Apache with the following line:
RequestHeader set X_FORWARDED_PROTO 'https'
That tells Redmine and mongrel that https is used.
Full configuration file from my old Apache:
<VirtualHost *:80>
ServerName projects.littlestreamsoftware.com
RewriteEngine On
# Redirect any non HTTPS requests to the HTTPS server
RewriteCond %{HTTP_HOST} ^projects.littlestreamsoftware.com$ [NC]
RewriteRule ^(.*)$ https://projects.littlestreamsoftware.com$1 [R=301,L]
Include /etc/apache2/common/hide-svn
Include /etc/apache2/common/deflate
</VirtualHost>
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/apache2/apache.pem
RequestHeader set X_FORWARDED_PROTO 'https'
ServerAdmin webmaster@localhost
RewriteEngine On
DocumentRoot /home/websites/projects.littlestreamsoftware.com/current/public
<Directory "/home/websites/projects.littlestreamsoftware.com/current/public">
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
<Proxy balancer://redmine_cluster>
BalancerMember http://127.0.0.1:12000
</Proxy>
ProxyPass / balancer://redmine_cluster/
ProxyPassReverse / balancer://redmine_cluster/
# These directories should always be served up by Apache, since they contain static content. Or just let rails do it.
ProxyPass /images !
ProxyPass /stylesheets !
ProxyPass /javascripts !
ProxyPass /favicon.ico !
# Uncomment for rewrite debugging
# RewriteLog /tmp/myapp_rewrite_log
# RewriteLogLevel 9
# Check for maintenance file and redirect all requests
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteRule ^.*$ /system/maintenance.html [L]
# Rewrite index to check for static
RewriteRule ^/$ /cache/index.html [QSA]
# Rewrite to check for Rails cached page
RewriteRule ^([^.]+)$ /cache/$1.html [QSA]
# Redirect all non-static requests to cluster
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://redmine_cluster%{REQUEST_URI} [P,QSA,L]
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/admin-access.log combined
ServerSignature Off
Include /etc/apache2/common/hide-svn
Include /etc/apache2/common/deflate
</VirtualHost>
Updated by Daniel N over 16 years ago
- Status changed from New to Resolved
Hi Eric,
thank you very much! I suspected the settings but you were right. It was mod_proxy and the missing header for https.
Updated by Jean-Philippe Lang over 16 years ago
- Status changed from Resolved to Closed
- Target version set to 0.7.1
- Resolution set to Fixed
Home, Logout, Login links are fixed in r1384.
They have now relative urls.
Updated by Robert Cerny over 16 years ago
- Status changed from Closed to Reopened
Hi,
I installed version 1424 today and it looks like the Login/Logout/Account paths are still absolute... At least on my install while browsing http://localhost:3000 I get http://192.168.1.10:3000/ after trying to login
Updated by Jean-Philippe Lang over 16 years ago
- Target version deleted (
0.7.1)
Robert: could you attach the full html content of the home page please ?
Updated by Robert Cerny over 16 years ago
- File index.html index.html added
Enclosed please find attached html file. You didn't provide much details which page should I attach, so it's home page after successful login. My browser swaps to ip address when clicking Sign out. Could redirect_back_or_default method be involved there??
Updated by Robert Cerny over 16 years ago
Well,
it looks like the problem was in the configuration of my server. All is working now.
Updated by Jean-Philippe Lang over 16 years ago
- Status changed from Reopened to Closed
- Resolution changed from Fixed to Invalid
OK, thanks for the feedback Robert.
Updated by Toni Kerschbaum over 16 years ago
- Status changed from Closed to Reopened
Is it possible that if "Authentication required" is enabled, the redirect goes to http://, regardless if the URI used is for instance http://www.redmine.org or https://secure.redmine.org?
In my case, I have Apache serving Redmine with standard http:// access from the Intranet, but SSL/https:// access for clients from untrusted networks. Can this be done even? So far, everything works fine, except the issue described above.
Updated by Toni Kerschbaum over 16 years ago
The solution described by Eric Davis in reply No. 2 fixes my problem - it's working now :)
Updated by Eric Davis about 16 years ago
- Status changed from Reopened to Closed
Closing, issue caused by Apache configuration.