enable https on login sites

[lferran]

When setting up the virtual hosts, enable the https on those sites where login credentials are sent to the server:

• Roundcube login
• Phpldapadmin login
• Trac login
• Jerkins login
• Zabbix login

[landauf]

Talking about HTTPS: There's a new project that creates real SSL certificates for free: ​https://letsencrypt.org/ Maybe we can use this.

[lferran]

• Trac is configured to run under https already. However, it is also served by apache under http. Do we want to redirect the login pages to https when clicked in the http? Or just leave it up to the user, to be concerned about security?

• The Roundcube and Zabbix logins work fine under https. The navigation bar links have been modified to point to the https URLs.

• For now, the http login is also possible. It is up to the user to use the preferred one. Should we change this? Should we block the requests to ​http://www.orxonox.info/roundcube , for instance?

• The Jenkins login is a bit more complicated. Steps ToDo:
  1. The dedicated Jenkins web server must be configured to run with SSL too (https).
  2. The Proxy redirect in apache must be correctly modified to point to the new URL configured in the previous step.

[landauf]

If possible (and if it doesn't break anything) I prefer to redirect http to https (also jenkins if possible). I think this applies to all web-services under www.orxonox.net and orxonox.net.

The only exception is svn.orxonox.net where http & https have different behavior. Here we don't need redirection.