Feature #3102
Require SSL encrypted connection for shared folder
Status: | CLOSED | Start date: | ||
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 100% | |
Category: | nethserver-httpd | |||
Target version: | v6.6 | |||
Resolution: | NEEDINFO: | No |
Description
- if enabled plain HTTP requests to the shared folder contents are redirected to HTTPS
- if disabled the shared contents are accessible both through HTTP and HTTPS
See the community discussion for background informations.
Related issues
Associated revisions
Use 00default as default virtual host file name. Refs #3102
Include global ibays into VirtualHost contexts. Refs #3102
As stated in [1], "mod_rewrite configuration settings from the main
server context are not inherited by virtual hosts". Thus to force SSL,
global ibays must be inside a VirtualHost context.
[1] http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#vhosts
Enable SSL virtual host if some ibay requires it. Refs #3102
Always enable VirtualHost on port 443 if ibay profile is migration. Refs #3102
History
#1 Updated by Davide Principi over 6 years ago
- Related to Feature #3097: Allow .htaccess and write permissions overrides added
#2 Updated by Davide Principi over 6 years ago
- Status changed from TRIAGED to ON_DEV
- Assignee set to Davide Principi
- % Done changed from 20 to 30
#3 Updated by Davide Principi over 6 years ago
- Status changed from ON_DEV to MODIFIED
- Assignee deleted (
Davide Principi) - % Done changed from 30 to 60
MODIFIED
- Global ibays are now included by each
VirtualHost
configuration. They are no more included in server context. - The default virtual host configuration is now expanded to a well-known file:
/etc/httpd/nethserver.d/00default.vhost
- If an ibay requires SSL encryption, it causes the
VirtualHost
containing it to be instantiated both on port 80 and 443. - Requests are redirected by
mod_rewrite
directives - migrated ibays have always HTTP and HTTPS available
Upgrade to modified version for the following test cases:
Test case 1
Pick an ibay, i.e. ibay1
, set Web address (URL) => Folder name
- select a virtual host
- check
ibay1
contents are accessible only through HTTP - enable "Require SSL encrypted connection" checkbox on
ibay1
- check
ibay1
contents are accessible only through HTTPS. HTTP is redirected to HTTPS.
Test case 2
Pick an ibay, i.e. ibay2
, set Web address (URL) => Custom => 'custom'
- check
ibay2
contents are accessible only through HTTP, URL path/custom
- enable "Require SSL encrypted connection" checkbox on
ibay2
- check
ibay2
contents are accessible only through HTTPS. HTTP is redirected to HTTPS, URL path/custom
Test case 3
Pick an ibay, i.e. ibay3
, set Web address (URL) => Web site root
- check
ibay3
contents are accessible only through HTTP - enable "Require SSL encrypted connection" checkbox on
ibay3
- check
ibay3
contents are accessible only through HTTPS. HTTP is always redirected to HTTPS.
Test case 4
- Create
ibay4
and set it to a a virtual host - Verify only VirtualHost instance on port 80 is present:
ls /etc/httpd/nethserver.d/*.vhost
- Change the profile type:
db accounts setprop ibay1 HttpProfileType migration signal-event ibay-modifay ibay1
- Check
ibay4
is accessible both on HTTP and HTTPS
#4 Updated by Davide Principi over 6 years ago
- Status changed from MODIFIED to ON_QA
- % Done changed from 60 to 70
In nethserver-testing 6.6:
nethserver-httpd-2.3.3-1.12.gf073355.ns6.noarch.rpm
#5 Updated by Giacomo Sanchietti over 6 years ago
- Assignee set to Giacomo Sanchietti
#6 Updated by Giacomo Sanchietti over 6 years ago
- Status changed from ON_QA to VERIFIED
- Assignee deleted (
Giacomo Sanchietti) - % Done changed from 70 to 90
Test case 1: VERIFIED
Test case 2: VERIFIED
Test case 3: VERIFIED
Test case 4: when trying to access the new virtualhost in https, the client is redirect to the main virtualhost still using https. VERIFIED
#7 Updated by Davide Principi over 6 years ago
- Status changed from VERIFIED to CLOSED
- % Done changed from 90 to 100
In nethserver-updates 6.6:
nethserver-httpd-2.4.0-1.ns6.noarch.rpm