Feature #3102

Require SSL encrypted connection for shared folder

Added by Davide Principi over 6 years ago. Updated over 6 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-httpd
Target version:v6.6
Resolution: NEEDINFO:No

Description

Add a new "Require SSL encrypted connection" checkbox to "Shared folders" > "Web access" tab:
  • if enabled plain HTTP requests to the shared folder contents are redirected to HTTPS
  • if disabled the shared contents are accessible both through HTTP and HTTPS

See the community discussion for background informations.


Related issues

Related to NethServer 6 - Feature #3097: Allow .htaccess and write permissions overrides CLOSED

Associated revisions

Revision a3f133dc
Added by Davide Principi over 6 years ago

Use 00default as default virtual host file name. Refs #3102

Revision f872b902
Added by Davide Principi over 6 years ago

Include global ibays into VirtualHost contexts. Refs #3102

As stated in [1], "mod_rewrite configuration settings from the main
server context are not inherited by virtual hosts". Thus to force SSL,
global ibays must be inside a VirtualHost context.

[1] http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts

Revision 30c71f20
Added by Davide Principi over 6 years ago

Enable SSL virtual host if some ibay requires it. Refs #3102

Revision efa720a9
Added by Davide Principi over 6 years ago

Always enable VirtualHost on port 443 if ibay profile is migration. Refs #3102

Revision f0733558
Added by Davide Principi over 6 years ago

Merge branches b3097 b3102

Refs #3097 #3102

History

#1 Updated by Davide Principi over 6 years ago

  • Related to Feature #3097: Allow .htaccess and write permissions overrides added

#2 Updated by Davide Principi over 6 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Davide Principi
  • % Done changed from 20 to 30

#3 Updated by Davide Principi over 6 years ago

  • Status changed from ON_DEV to MODIFIED
  • Assignee deleted (Davide Principi)
  • % Done changed from 30 to 60

MODIFIED

  • Global ibays are now included by each VirtualHost configuration. They are no more included in server context.
  • The default virtual host configuration is now expanded to a well-known file: /etc/httpd/nethserver.d/00default.vhost
  • If an ibay requires SSL encryption, it causes the VirtualHost containing it to be instantiated both on port 80 and 443.
  • Requests are redirected by mod_rewrite directives
  • migrated ibays have always HTTP and HTTPS available

Upgrade to modified version for the following test cases:

Test case 1

Pick an ibay, i.e. ibay1, set Web address (URL) => Folder name

  • select a virtual host
  • check ibay1 contents are accessible only through HTTP
  • enable "Require SSL encrypted connection" checkbox on ibay1
  • check ibay1 contents are accessible only through HTTPS. HTTP is redirected to HTTPS.

Test case 2

Pick an ibay, i.e. ibay2, set Web address (URL) => Custom => 'custom'

  • check ibay2 contents are accessible only through HTTP, URL path /custom
  • enable "Require SSL encrypted connection" checkbox on ibay2
  • check ibay2 contents are accessible only through HTTPS. HTTP is redirected to HTTPS, URL path /custom

Test case 3

Pick an ibay, i.e. ibay3, set Web address (URL) => Web site root

  • check ibay3 contents are accessible only through HTTP
  • enable "Require SSL encrypted connection" checkbox on ibay3
  • check ibay3 contents are accessible only through HTTPS. HTTP is always redirected to HTTPS.

Test case 4

  • Create ibay4 and set it to a a virtual host
  • Verify only VirtualHost instance on port 80 is present:
    ls /etc/httpd/nethserver.d/*.vhost
    
  • Change the profile type:
    db accounts setprop ibay1 HttpProfileType migration
    signal-event ibay-modifay ibay1
    
  • Check ibay4 is accessible both on HTTP and HTTPS

#4 Updated by Davide Principi over 6 years ago

  • Status changed from MODIFIED to ON_QA
  • % Done changed from 60 to 70

In nethserver-testing 6.6:
nethserver-httpd-2.3.3-1.12.gf073355.ns6.noarch.rpm

#5 Updated by Giacomo Sanchietti over 6 years ago

  • Assignee set to Giacomo Sanchietti

#6 Updated by Giacomo Sanchietti over 6 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 70 to 90

Test case 1: VERIFIED
Test case 2: VERIFIED
Test case 3: VERIFIED
Test case 4: when trying to access the new virtualhost in https, the client is redirect to the main virtualhost still using https. VERIFIED

#7 Updated by Davide Principi over 6 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100

In nethserver-updates 6.6:
nethserver-httpd-2.4.0-1.ns6.noarch.rpm

Also available in: Atom PDF