Part 6: Setup and force HTTPS access


This guy's name might be Larry. He looks like a Larry. Larry's carrying a payload of one dollar bills. Not really packets though, unless you consider a single dollar bill a packet. Seems inefficient. Larry's not being escorted by police though; so he's probably the kind of guy who uses HTTP and transmits his source code in plain text.

I hate when tutorials make me go back and change something that could have been changed previously, but I’m logically separating this into another section so that people who want to just use HTTP to access redmine and rhodecode can do that.

Adobe has published a useful write-up on the Apache directives needed for SSL and proxying with HTTPS, but SSL is already implemented by the default config located at /etc/httpd/conf.d/ssl.conf.

You can generate a new cert and key, and modify /etc/httpd/conf.d/ssl.conf to reflect this.
I will not cover this here, but it is quite easy to generate a request.
If you want to generate your own self-signed cert, have a CA on site, or want to use a public CA, it’s up to you.

In the main apache config, we’ll create a RewriteRule so that all http requests are re-written to https requests:

vim /etc/httpd/conf/httpd.conf
#add the following to the end of the file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Adjust the VirtualHost so that Redmine is hosted over SSL:

vim /etc/httpd/conf.d/ssl.conf

Within the <VirtualHost> section of the file, add or modify the following directives:

ServerName SERVERNAME.domain.com
DocumentRoot /var/www/redmine/public
ErrorLog logs/ssl_redmine_error

Near the bottom of the file, but above </VirtualHost>, add the following:

<Directory /var/www/redmine/public>
		Allow from all
		Options -MultiViews
		Order allow,deny
		AllowOverride all
</Directory>

Comment out the VirtualHost bound to :80

vim /etc/httpd/conf/httpd.conf

Comment out the following lines:

#<VirtualHost *:80>
#       ServerName SERVERNAME.domain.com
#       DocumentRoot /var/www/redmine/public
#       ErrorLog logs/redmine_error
#       <Directory /var/www/redmine/public>
#               Allow from all
#               Options -MultiViews
#               Order allow,deny
#               AllowOverride all
#       </Directory>
#</VirtualHost>

Configure paste:httpserver to use HTTPS:

vim /var/www/rhodecode-venv/production.ini
# verify force_https = true

Restart paste serve:

service paste-serve-rhodecode restart

Restart Apache and check that it is bound to ports 80 and 443:

service httpd restart
netstat -apn | grep :80 #for http, to Rewrite the request
netstat -apn | grep :443 #for https

Test in a web browser:
Any request over http will be re-written to https.
https://SERVERNAME.domain.com and https://SERVERNAME.domain.com/rhodecode will work!
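
The same check can be scripted. This is an added example, not part of the original post: it verifies that a plain-HTTP request is answered with a redirect to the same host and path under https://. The function names and the sample responses are constructed for illustration; SERVERNAME.domain.com is the post's placeholder.

```sh
#!/bin/sh
# Added example: confirm that plain-HTTP requests are redirected to HTTPS.

# check_redirect URL HEADERS
# Passes only when HEADERS (a raw response header block) has a 3xx status and
# a Location equal to URL with the scheme switched to https://.
check_redirect() {
    local url headers status location rest
    url="$1"
    headers=$(printf '%s\n' "$2" | tr -d '\r')   # tolerate CRLF line ends
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    rest="${url#http://}"
    # A bare host is requested as "/", so REQUEST_URI supplies the slash.
    case "$rest" in */*) ;; *) rest="$rest/" ;; esac
    case "$status" in
        301|302|303|307|308) ;;
        *) echo "FAIL $url: status '$status' is not a redirect"; return 1 ;;
    esac
    if [ "$location" != "https://$rest" ]; then
        echo "FAIL $url: Location '$location', expected 'https://$rest'"
        return 1
    fi
    echo "OK   $url -> $location"
}

# probe URL: fetch only the response headers, without following the redirect.
probe() { check_redirect "$1" "$(curl -sS -I --max-time 10 "$1")"; }

# Constructed sample responses (not captured from a real server).
URL=http://SERVERNAME.domain.com/rhodecode
GOOD=$(printf 'HTTP/1.1 302 Found\r\nLocation: https://SERVERNAME.domain.com/rhodecode\r\n')
PLAIN=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n')
WRONG=$(printf 'HTTP/1.1 302 Found\r\nLocation: http://SERVERNAME.domain.com/rhodecode\r\n')

if [ "$#" -gt 0 ]; then
    for u in "$@"; do probe "$u"; done       # live check of the given URLs
else
    check_redirect "$URL" "$GOOD"
    check_redirect "$URL" "$PLAIN" || true   # rewrite not active
    check_redirect "$URL" "$WRONG" || true   # redirect stays on http://
fi
```

Run it with one or more http:// URLs as arguments to probe a live server; with no arguments it only evaluates the constructed samples.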
