Planet
navi homePPSaboutscreenshotsdownloaddevelopmentforum

Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#448 closed task (fixed)

enable https on login sites

Reported by: lferran Owned by: lferran
Priority: major Milestone: IT: Server Setup
Component: IT Version:
Keywords: Cc:
Referenced By: References:

Description (last modified by lferran)

When setting up the virtual hosts, enable the https on those sites where login credentials are sent to the server:

  • Roundcube login
  • Phpldapadmin login
  • Trac login
  • Jerkins login
  • Zabbix login

Change History (6)

comment:1 Changed 4 years ago by lferran

  • Status changed from new to accepted

comment:2 Changed 4 years ago by landauf

Talking about HTTPS: There's a new project that creates real SSL certificates for free: https://letsencrypt.org/ Maybe we can use this.

comment:3 Changed 4 years ago by lferran

  • Description modified (diff)

comment:4 Changed 4 years ago by lferran

  • Trac is configured to run under https already. However, it is also served by apache under http. Do we want to redirect the login pages to https when clicked in the http? Or just leave it up to the user, to be concerned about security?
  • The Roundcube and Zabbix logins work fine under https. The navigation bar links have been modified to point to the https URLs.
  • For now, the http login is also possible. It is up to the user to use the preferred one. Should we change this? Should we block the requests to http://www.orxonox.net/roundcube , for instance? Or simply redirect them to https?
  • The Jenkins login is a bit more complicated. Steps TODO
    1. The dedicated Jenkins web server must be configured to run with SSL too (https).
    2. The Proxy redirect in apache must be correctly modified to point to the new URL configured in the previous step.
Last edited 3 years ago by landauf (previous) (diff)

comment:5 Changed 4 years ago by landauf

If possible (and if it doesn't break anything) I prefer to redirect http to https (also jenkins if possible). I think this applies to all web-services under www.orxonox.net and orxonox.net.

The only exception is svn.orxonox.net where http & https have different behavior. Here we don't need redirection.

Last edited 3 years ago by landauf (previous) (diff)

comment:6 Changed 4 years ago by lferran

  • Resolution set to fixed
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.