HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


cfoe 30th March 2012 17:44

Force https
 
Hi ISPConfig Devs,

I am currently in the re-customization phase after the latest ISPConfig 3 Update.

I am using a .htaccess file to enforce SSL on the subdomain of the control-panel. For me this is not the most elegant way of solving the problem.
Roundcube has a nice variable called "force_https". If it is true, SSL is enforced.

The implementation in the index.php (of Roundcube 0.8 beta):

Code:

// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
  $https_port = is_bool($force_https) ? 443 : $force_https;
  if (!rcube_https_check($https_port)) {
    $host  = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
    $host .= ($https_port != 443 ? ':' . $https_port : '');
    header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
    exit;
  }
}

This way it would work "out-of-the-box" without .htaccess file in Apache and nginx.
I hope this could be taken into consideration for the next minor release.

Feature Request: http://bugtracker.ispconfig.org/inde...ls&task_id=215

Greetings from Germany,
Christian

till 2nd April 2012 15:22

Roundcube and its code are not part of ispconfig. So if you need a change in the roundcube index file, then you might want to post your feature request in the roundcube bugtracker.

cfoe 2nd April 2012 15:44

The Code is just an example for inspiration for ISPConfig. It is the implementation of Roundcube.
I just wanted to emphasize how it could be done independently from the used webserver.

wichu 8th May 2012 20:39

I would rather suggest that an option would be implemented into the user-interface to force SSL with this statement in the vhost-file:

Code:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]


cfoe 9th May 2012 16:23

Your solution is not bad for Apache. Do you have the rules for nginx?
With the info the feature might be half done.
Integration should be easy for an experienced dev like the ispc folks.

till 9th May 2012 16:51

The problem is that neither the php code nor the apache rewrite rule will work for this purpose on an ispconfig setup. The reason is that the ispconfig controlpanel uses port based ssl and that ispconfig is not installed into a website like a webmail client like roundcube. ISPconfig runs on a dedicated port like 8080 and this port supports either ssl or plain http but not both. So you can only connect to ispconfig with ssl or without ssl; switching between ssl and non ssl with a rewrite rule or php code will not work as there is no option to switch to.

Switching to ssl can only work if you installed ispconfig on a dedicated IP address on port 443 and when port 80 on the same IP address is enabled as well. But that is not the case in any default install as most people don't have any spare dedicated IPv4 addresses that they want to use for the controlpanel only without hosting any websites on it.

wichu 10th May 2012 20:25

Yes, my solution would only work for Apache, but after a quick search I found this:

http://serverfault.com/questions/250...o-ssl-in-nginx

Code:

rewrite    ^  https://$server_name$request_uri? permanent;
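
Added example (not part of any post in this thread, and not ISPConfig's own configuration): the nginx redirect above written out as complete server blocks, plus nginx's `error_page 497` handling for the single-TLS-port layout till describes. The hostname, certificate paths and port 8080 are assumptions for illustration.

```nginx
# Constructed example; panel.example.com, the certificate paths and
# port 8080 are placeholders, not values from the thread.

# Case 1: the host listens on both 80 and 443.
# The plain-HTTP listener serves no content and only redirects.
server {
    listen 80;
    server_name panel.example.com;

    # $server_name is taken from this file, not from the client's Host
    # header, so the request cannot influence the redirect target.
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name panel.example.com;
    ssl_certificate     /etc/ssl/certs/panel.example.com.crt;
    ssl_certificate_key /etc/ssl/private/panel.example.com.key;
    # panel configuration (root, PHP handler) goes here
}

# Case 2: one dedicated port that only speaks TLS.
# A rewrite rule never runs for a plain-HTTP request here, because the
# listener expects a TLS handshake. nginx flags such a request with its
# internal status 497, and error_page can answer it with a redirect to
# the same port over https.
server {
    listen 8080 ssl;
    server_name panel.example.com;
    ssl_certificate     /etc/ssl/certs/panel.example.com.crt;
    ssl_certificate_key /etc/ssl/private/panel.example.com.key;

    error_page 497 https://$server_name:$server_port$request_uri;

    # The request that triggered the redirect was already sent in clear
    # text, so session cookies should still carry the Secure flag.
    # panel configuration goes here
}
```

Check the syntax with `nginx -t` before reloading.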

cfoe 10th May 2012 20:28

You could add the combined code here:
http://bugtracker.ispconfig.org/inde...t=3&opened=799

wichu 10th May 2012 20:31

I'm hosting my ISPConfig Admin-Panel through the webserver (a separate instance of ISPConfig) on Apache and through the mod_proxy module.

It is a bit complicated, but it works.

cfoe 17th May 2012 19:17

Quote:

Originally Posted by till (Post 278846)
The problem is that neither the php code nor the apache rewrite rule will work for this purpose on an ispconfig setup. The reason is that the ispconfig controlpanel uses port based ssl and that ispconfig is not installed into a website like a webmail client like roundcube. ISPconfig runs on a dedicated port like 8080 and this port supports either ssl or plain http but not both. So you can only connect to ispconfig with ssl or without ssl; switching between ssl and non ssl with a rewrite rule or php code will not work as there is no option to switch to.

Switching to ssl can only work if you installed ispconfig on a dedicated IP address on port 443 and when port 80 on the same IP address is enabled as well. But that is not the case in any default install as most people don't have any spare dedicated IPv4 addresses that they want to use for the controlpanel only without hosting any websites on it.

You are totally right. I did not think about the 8080 port-config of the default install.
I use ISCP on a server on port 80+443 on an IPv4 but the IP is still usable for other domains via port 80. No problem there.


All times are GMT +2.