#1  
Old 30th March 2012, 17:44
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Lightbulb Force https

Hi ISPConfig Devs,

I am currently in the re-customization phase after the latest ISPConfig 3 Update.

I am using a .htaccess file to enforce SSL on the subdomain of the control-panel. For me this is not the most elegant way of solving the problem.
Roundcube has a nice variable called "force_https". If it is true ssl is enforced.

The implementation in the index.php (of Roundcube 0.8 beta):

Code:
// check if https is required (for login) and redirect if necessary
if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
  $https_port = is_bool($force_https) ? 443 : $force_https;
  if (!rcube_https_check($https_port)) {
    $host  = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
    $host .= ($https_port != 443 ? ':' . $https_port : '');
    header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
    exit;
  }
}
This way it would work "out-of-the-box" without .htaccess file in Apache and nginx.
I hope this could be taken into consideration for the next minor release.

Feature Request: http://bugtracker.ispconfig.org/inde...ls&task_id=215

Greatings from Germany,
Christian

Last edited by cfoe; 30th March 2012 at 20:05. Reason: added link to feature request
Reply With Quote
Sponsored Links
  #2  
Old 2nd April 2012, 15:22
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,763
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

Roundcube and its code is not part of ispconfig. So if you need a change in the roundcuvbe index file, then you might want to post your feature request in the roundcube bugtracker,
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #3  
Old 2nd April 2012, 15:44
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Default

The Code is just an example for inspiration for ISPConfig. It is the implementation of Roundcube.
I just wanted to emphasize how it could be done independently from the used webserver.
Reply With Quote
  #4  
Old 8th May 2012, 20:39
wichu wichu is offline
Junior Member
 
Join Date: Apr 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I would rather suggest that an option would be implemented into the user-interface to force SSL with this statement in the vhost-file:

Code:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
Reply With Quote
  #5  
Old 9th May 2012, 16:23
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Default

Your solution is not bad for Apache. Do you have the rules for nginx?
With the info the feature might be half done.
Integration should be easy. For an experienced dev like the ispc folks
Reply With Quote
  #6  
Old 9th May 2012, 16:51
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,763
Thanks: 821
Thanked 5,331 Times in 4,183 Posts
Default

The problem is that neither the php code nor the apache rewrite rule will work for this purpose on a ispconfig setup. The reason is that the ispconfig controlpanel uses port based ssl and that ispconfig is not installed into a website like a webmail client like roundcube. ISPconfig runs on a dedicated port like 8080 and this port supports either ssl or plain http but not both. So you can only connect to ispconfig with ssl or without ssl, switching between ssl and non ssl with a rewrite rule or php code will not work as there is no option to switch to.

Switching to ssl can only work if you installed ispconfig on a dedicated IP address on port 443 and when port 80 on the same IP address is enabled as well. But that not the case in any default install as most poeple dont have any spare dedicated IPv4 adresses that they want to use for the controlpanel only without hosting any websites on it.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 10th May 2012, 20:25
wichu wichu is offline
Junior Member
 
Join Date: Apr 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Yes, my solution would only work for Apache, but after a quick search I found this:

http://serverfault.com/questions/250...o-ssl-in-nginx

Code:
rewrite     ^   https://$server_name$request_uri? permanent;
Reply With Quote
  #8  
Old 10th May 2012, 20:28
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
Default

You could add the combined code here:
http://bugtracker.ispconfig.org/inde...t=3&opened=799
Reply With Quote
  #9  
Old 10th May 2012, 20:31
wichu wichu is offline
Junior Member
 
Join Date: Apr 2012
Posts: 4
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I'm hosting my ISPConfig Admin-Panel through the webserver (a separate instance of ISPConfig) on Apache and through the mod_proxy module.

It is a bit complicated, but it works.
Reply With Quote
  #10  
Old 17th May 2012, 19:17
cfoe cfoe is offline
ISPConfig Developer
 
Join Date: Oct 2011
Location: NRW, Germany
Posts: 233
Thanks: 27
Thanked 57 Times in 32 Posts
Send a message via Skype™ to cfoe
 
Default

Quote:
Originally Posted by till View Post
The problem is that neither the php code nor the apache rewrite rule will work for this purpose on a ispconfig setup. The reason is that the ispconfig controlpanel uses port based ssl and that ispconfig is not installed into a website like a webmail client like roundcube. ISPconfig runs on a dedicated port like 8080 and this port supports either ssl or plain http but not both. So you can only connect to ispconfig with ssl or without ssl, switching between ssl and non ssl with a rewrite rule or php code will not work as there is no option to switch to.

Switching to ssl can only work if you installed ispconfig on a dedicated IP address on port 443 and when port 80 on the same IP address is enabled as well. But that not the case in any default install as most poeple dont have any spare dedicated IPv4 adresses that they want to use for the controlpanel only without hosting any websites on it.
You are totally right. I did not thing about the 8080 port-config of the default install.
I use ISCP on a server on port 80+443 on an IPv4 but the IP is still usable for other domains via port 80. No problem there
Reply With Quote
Reply

Bookmarks

Tags
enforce, https, ispconfig, ssl

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
haproxy with stunnel problem abubin Server Operation 6 10th April 2012 15:08
Force http to https for the admin panel GarGamel55 Installation/Configuration 3 23rd August 2011 10:46
How to force https with redirect subdomain binaryrogue General 3 13th March 2010 02:55
squid and https passthrough Xitron Installation/Configuration 0 5th November 2009 18:40
Force https on a directory TheMaximumWeasel General 1 25th June 2007 07:24


All times are GMT +2. The time now is 23:30.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.