February 24, 2022
I thought it might be useful to document how I secure the redmine appliance. I find this useful for private setups.
It was a little messier than I thought because for some reason in the 11.3 version the Apache port 80 and 443 configs point to the same file. Sometimes I want secure-only access, sometimes both. It would be nice to have these separated, as that makes it easier to redirect the secure traffic.
This makes it nice in webmin, as it will now distinguish the virtual servers. You can make the changes in /etc/apache2/sites-available/railsapp.
If you want Redmine to be secure only, then after the line
RewriteEngine on
add
# force http to https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
Save the file and restart Apache.
I’ve used this on a number of private setups, and it works.
Thank you TurnkeyLinux – I really like your appliance model.
http://www.faqforge.com/linux/controlpanels/how-to-redirect-an-http-connection-to-https-in-apache-webserver/
HTTP connections can be redirected to HTTPS with the Apache mod_rewrite module, which should be available in every Apache installation. Create a file with the name .htaccess in the website root directory which contains the following lines:
RewriteEngine On
# strip a leading "www." and send the request to HTTPS; (.*) captures the path for $1
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# any remaining plain-HTTP request goes to the same host and URI over HTTPS
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
If you use ISPConfig 2 or 3, you can add these lines also in the apache directives field of the website settings form instead of adding them to a .htaccess file. But the approach with the .htaccess file will work on ISPConfig as well.
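A way to check either set of rules after restarting Apache, as an added example that is not part of the original post or the quoted FAQ: it inspects the plain-HTTP response without following it and reports a temporary status, a non-HTTPS target, a changed host, or a dropped path. The function names and the example.test hostnames are assumptions made for illustration.

```python
import http.client
from urllib.parse import urlsplit

def check_redirect(status, location, host, path):
    """Return a list of problems with an HTTP->HTTPS redirect response.

    status/location come from the plain-HTTP reply; host/path are what was
    requested. An empty list means the redirect behaves as intended.
    """
    if status not in (301, 302, 303, 307, 308):
        return [f"no redirect: status {status}"]
    problems = []
    if status not in (301, 308):
        problems.append(f"temporary redirect ({status}), not permanent")
    target = urlsplit(location or "")
    if target.scheme != "https":
        problems.append(f"target scheme is {target.scheme or 'missing'!r}")
    want = host.lower()
    got = (target.hostname or "").lower()
    # Accept the same host, or the host with a leading "www." stripped.
    if got not in (want, want.removeprefix("www.")):
        problems.append(f"redirects to different host {got!r}")
    got_path = target.path + ("?" + target.query if target.query else "")
    if got_path != path:
        problems.append(f"path changed: {path!r} -> {got_path!r}")
    return problems

def probe(host, path="/", port=80, timeout=5):
    """Send one plain-HTTP GET (redirects are not followed) and check it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return check_redirect(resp.status, resp.getheader("Location"), host, path)
    finally:
        conn.close()

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    (301, "https://redmine.example.test/projects?x=1", "redmine.example.test", "/projects?x=1"),
    (302, "https://redmine.example.test/login", "redmine.example.test", "/login"),
    (301, "https://example.test/", "www.example.test", "/issues/5"),
    (200, None, "redmine.example.test", "/"),
]

if __name__ == "__main__":
    for status, location, host, path in SAMPLES:
        print(status, host + path, check_redirect(status, location, host, path) or "OK")
```

Against a live appliance, call `probe("your.host.name", "/some/path")` from a machine that can reach port 80.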
Reference: https://www.turnkeylinux.org/forum/general/20120610/setting-redmine-under-https