Changes

Jump to navigation Jump to search

Https redirection (view source)

Revision as of 04:48, 16 April 2018

5,235 bytes added ,  04:48, 16 April 2018
no edit summary
Line 1: Line 1:  +
{{Note box|this is the default behaviour for SME since e-smith-ibays-2.4.0-10 has been released}}
 +
 
== https forced redirection using custom template ==
 
== https forced redirection using custom template ==
   −
This is a link to an earlier Howto that is still applicable to sme7.x
+
 
 +
===Solution using a custom template only===
 +
 
 +
These instructions come from an earlier Howto that is still applicable to sme7.x
 
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/https%20ibay%20forced%20redirection%20HOWTO%20for%20sme%20server.htm  
 
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs/rmitchell/smeserver/howto/https%20ibay%20forced%20redirection%20HOWTO%20for%20sme%20server.htm  
   −
I will revise the Howto & add it here when time permits
+
====Problem:====
 +
 
 +
You want to force https access to an ibay, a Web directory or all web contents of your server, whenever you access it using http
 +
 
 +
====Solution:====
 +
 
 +
Create a custom template that forces the redirection from http to https. This is a similar method to that used to force webmail to https
 +
 
 +
====Information:====
 +
 
 +
This how to is based on forum & devinfo posts, thanks to the posters particularly Orien Love & Tony Clayton and thanks for all the help I have received over the years from Gordon Rowell & Charlie Brady.
 +
 
 +
See http://contribs.org/modules/pbboard/viewtopic.php?p=98152&PHPSESSID=959ab7d52917db44da0c916f4be29d18#98152
 +
 
 +
and
 +
 
 +
http://lists.contribs.org/mailman/public/devinfo/msg07284.html
 +
 
 +
 
 +
====Configuration Procedure:====
 +
 
 +
If it does not already exist then create the following directory
 +
 
 +
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
 +
 
 +
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
 +
 
 +
nano 60redir-ibayname1
 +
 
 +
Paste or type the following code including the brackets, replacing each occurrence of '''ibayname''' with the name of your ibay
 +
 
 +
{
 +
if ($port ne "443")
 +
{
 +
$OUT .= <<'HERE';
 +
## Redirect Web Address to Secure Address
 +
RewriteEngine on
 +
RewriteRule ^/'''ibayname''' <nowiki>https://%{HTTP_HOST}/</nowiki>'''ibayname'''
 +
 +
## End Of Redirect
 +
HERE
 +
}
 +
}
 +
 +
Save the file & exit by Ctrl+x, then issue the following command
 +
 
 +
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
 +
 
 +
sv t /service/httpd-e-smith/
 +
 
 +
* This is an alternative if the solution above doesn't work.
   −
====Alternative method using custom template and db commands====
+
{
 +
if ($port ne "443")
 +
{
 +
$OUT .= <<'HERE';
 +
# Redirect transmission Address to Secure Address
 +
RewriteEngine On
 +
RewriteCond %{HTTPS} off
 +
RewriteRule /'''ibayname''' <nowiki>https://%{HTTP_HOST}:443/</nowiki>'''ibayname'''
 +
## End Of Redirect
 +
HERE
 +
}
 +
}
 +
 
 +
Save the file & exit by Ctrl+x, then issue the following command
 +
 
 +
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
 +
 
 +
sv t /service/httpd-e-smith/
 +
 
 +
 
 +
* If you wish to force https access to other ibays then make additional template fragments with a different filename that contain the same code except with the ibay name changed to suit
 +
 
 +
eg
 +
 
 +
61redir-ibayname2
 +
 
 +
* Alternatively if you want to force all http trafics to https, you can make a general rule like this.
 +
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
 +
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
 +
nano 60all-httptohttps
 +
 
 +
{
 +
if ($port ne "443")
 +
{
 +
$OUT .= <<'HERE';
 +
# Redirect transmission Address to Secure Address
 +
RewriteEngine On
 +
RewriteCond %{HTTPS} off
 +
RewriteRule (.*) <nowiki>https://%{HTTP_HOST}%{REQUEST_URI}</nowiki>
 +
## End Of Redirect
 +
HERE
 +
}
 +
}
 +
 +
Save the file & exit by Ctrl+x, then issue the following command
 +
 
 +
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
 +
 
 +
sv t /service/httpd-e-smith/
 +
 
 +
 
 +
Warning: If you receive errors when you expand the template that refer to not finding HERE before EOF, then make sure you have no spaces before or after the HERE entry in the code
 +
 
 +
You can download a copy of this fragment from here, remember to edit it to suit your ibayname:
 +
 
 +
http://distro.ibiblio.org/pub/linux/distributions/smeserver/contribs//rmitchell/smeserver/contribs/https-ibay-redirection/
 +
 
 +
====Removal Procedure:====
 +
 
 +
rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/60redir-ibayname1
 +
 
 +
and also remove any other additional ibay redirect fragments if required eg
 +
 
 +
rm /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts/61redir-ibayname2
 +
 
 +
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
 +
 
 +
/etc/init.d/httpd restart
 +
 
 +
 
 +
====Modified code to use a db setting====
 +
 
 +
From http://forums.contribs.org/index.php/topic,47451.msg234224.html#msg234224
 +
 
 +
This modifies the original code slightly & needs only one 60redir-ibay custom fragment
 +
 
 +
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
 +
 
 +
cd /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHosts
 +
 
 +
nano -w 60redir-ibay
 +
 
 +
Then paste this
 +
 
 +
{
 +
    use esmith::AccountsDB;
 +
    my $adb = esmith::AccountsDB->open_ro();
 +
    $OUT = "";
 +
 +
    foreach my $ibay ($adb->ibays)
 +
    {
 +
      my %properties = $ibay->props;
 +
      my $key = $ibay->key;
 +
      if ($properties{'HTTPSredir'})
 +
      {
 +
          if ($properties{'HTTPSredir'} eq 'on')
 +
          {
 +
            if ($port ne "443")
 +
            {
 +
                $OUT .= "    ## Redirect Web Address to Secure Address\n";
 +
                $OUT .= "    RewriteEngine on\n";
 +
                $OUT .= "    RewriteRule ^/$key(/.*|\$) https://%{HTTP_HOST}/$key\$1 [L,R]\n";
 +
                $OUT .= "    ## End Of Redirect\n";
 +
              }
 +
          }
 +
      }
 +
    }
 +
}
 +
 
 +
 
 +
Save the file & exit by Ctrl+x, then issue the following command
 +
 
 +
/sbin/e-smith/expand-template /etc/httpd/conf/httpd.conf
 +
 
 +
sv t /service/httpd-e-smith/
 +
 
 +
then issue this db command, you have to change '''ibayname''' to the actual name of your ibay
 +
db accounts setprop '''ibayname''' HTTPSredir on
 +
 
 +
==Alternative methods ==
 +
=== Block plain http using custom template and db commands===
    
Here is an alternative method based on this forum thread http://forums.contribs.org/index.php/topic,31772.new.html#new
 
Here is an alternative method based on this forum thread http://forums.contribs.org/index.php/topic,31772.new.html#new
 +
 +
This method requires the use of https, and will deny access if http is used.
    
At a command prompt do the following:
 
At a command prompt do the following:
Unnilennium
Super Admin, Wiki & Docs Team, Bureaucrats, Interface administrators, Administrators
3,250

edits

Retrieved from "https://wiki.koozali.org/Special:MobileDiff/14325...34617"

Navigation menu