Re: [fossil-users] Fossil does not generate https link prefix

2015-11-05 Thread Eric Rubin-Smith 
On Thu, Nov 5, 2015 at 6:53 AM, Richard Hipp  wrote:

> On 11/4/15, Eduard  wrote:
> > Hi Taras,
> >
> > I've had a very similar problem. I fixed it by setting the "HTTPS"
> > environment variable (for CGI execution) to "on" when the request comes
> > in through https, i.e.
> >
> > 
> >   SetEnv HTTPS on
> > 
> >
> > You might want to remove the "" part if you're only accepting https
> > anyway.
> >
> > I'm not sure whether this is the truly correct way to do it, but it sure
> > solved my problem.
> >
>
> Fossil depends on the HTTPS environment variable to know whether or
> not the inbound request was over http or https.  Without that
> environment variable, Fossil has no way of knowing, and hence has no
> way of knowing whether to generate http: or https: on generated
> hyperlinks.
>


In my Fossil server config (running as an inetd-style program behind
stunnel), I pass the '--https' flag and the '--host' parameter to fossil
when forking an instance.  This may give OP the desired effect.

Full stunnel config:

$ cat stunnel.conf
pid = /home/fossil/stunnel.pid
output = /home/fossil/stunnel.log
RNDfile = /home/fossil/randfile

[fossil-https]
accept = 10443
cert = /home/fossil/www.example.com.pem
key = /home/fossil/www.example.com.key
exec = /usr/local/bin/fossil
execargs = fossil http /home/fossil/my.fossil.db --https --host
www.example.com

For completeness, here is the redirect rule to expose stunnel at port 443
(allowing stunnel to run as user 'fossil' rather than 'root'):

# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 31728 packets, 1886K bytes)
 pkts bytes target prot opt in out source
destination
 5342  309K REDIRECT   tcp  --  *  *   0.0.0.0/0
0.0.0.0/0tcp dpt:443 redir ports 10443


HTH,
Eric
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Fossil does not generate https link prefix

2015-11-05 Thread Richard Hipp 
On 11/4/15, Eduard  wrote:
> Hi Taras,
>
> I've had a very similar problem. I fixed it by setting the "HTTPS"
> environment variable (for CGI execution) to "on" when the request comes
> in through https, i.e.
>
> 
>   SetEnv HTTPS on
> 
>
> You might want to remove the "" part if you're only accepting https
> anyway.
>
> I'm not sure whether this is the truly correct way to do it, but it sure
> solved my problem.
>

Fossil depends on the HTTPS environment variable to know whether or
not the inbound request was over http or https.  Without that
environment variable, Fossil has no way of knowing, and hence has no
way of knowing whether to generate http: or https: on generated
hyperlinks.

-- 
D. Richard Hipp
d...@sqlite.org
___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

[fossil-users] Fossil does not generate https link prefix

2015-11-04 Thread Taras Zakharko 
Dear all, 

I am serving repositories on our internal server via the Fossil GCI mechanism 
behind Apache2 with SSL. The system is OS X. Everything was running perfectly, 
but today I have updated the OS X Server app to the new version and while 
everything is still running, Fossil now fails to generate the https:// prefixes 
for the links, instead using http://. As a result, security features in the 
modern browser ignore the CSS stylesheets (because there is a protocol 
mismatch). So while pushing, pulling as well as website do work — the later 
looks quite ugly. I was looking for the way to make Fossil generate https:// 
prefix, but I couldn’t find any definite information. 

I am sure that Fossil itself is not to blame, because everything was working 
perfectly before the server upgrade. But maybe someone has encountered a 
similar problem and can point me into a direction where to look. The server 
migration script did change the conf file header from:


  ServerName URL

to


  ServerName https://URL:443 

There were no other changes. Other services (some Rails applications) are 
running without any issues. 

Any ideas?

Best, 

 Taras___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

Re: [fossil-users] Fossil does not generate https link prefix

2015-11-04 Thread Eduard 
Hi Taras,

I've had a very similar problem. I fixed it by setting the "HTTPS"
environment variable (for CGI execution) to "on" when the request comes
in through https, i.e.


  SetEnv HTTPS on


You might want to remove the "" part if you're only accepting https
anyway.

I'm not sure whether this is the truly correct way to do it, but it sure
solved my problem.

Cheers,
Eduard

On 11/04/2015 11:48 PM, Taras Zakharko wrote:
> Dear all, 
>
> I am serving repositories on our internal server via the Fossil GCI
> mechanism behind Apache2 with SSL. The system is OS X. Everything was
> running perfectly, but today I have updated the OS X Server app to the
> new version and while everything is still running, Fossil now fails to
> generate the https:// prefixes for the links, instead using http://.
> As a result, security features in the modern browser ignore the CSS
> stylesheets (because there is a protocol mismatch). So while pushing,
> pulling as well as website do work — the later looks quite ugly. I was
> looking for the way to make Fossil generate https:// prefix, but I
> couldn’t find any definite information. 
>
> I am sure that Fossil itself is not to blame, because everything was
> working perfectly before the server upgrade. But maybe someone has
> encountered a similar problem and can point me into a direction where
> to look. The server migration script did change the conf file header from:
>
> 
>   ServerName URL
>
> to
>
> 
>   ServerName https://URL:443 
>
> There were no other changes. Other services (some Rails applications)
> are running without any issues. 
>
> Any ideas?
>
> Best, 
>
>  Taras
>
>
> ___
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users

___
fossil-users mailing list
fossil-users@lists.fossil-scm.org
http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users