On 27 Mar 2016, at 16:30, Sylvain Munaut <[email protected]> wrote:

> Do you know if redmine supports going to HTTPS only (i.e. redir http
> to https). I changed the "protocol" to HTTPS in the admin panel but
> that had no effect afaict.
> 
I think this should be done on nginx’s level. According to this test everything 
looks good, although HSTS could be introduced since it is not a hard thing to 
set up as far as I remember and it would improve the grade to A+ :):
https://www.ssllabs.com/ssltest/analyze.html?d=osmocom.org&s=2a01%3a4f8%3a191%3a444b%3a0%3a0%3a2%3a5&hideResults=on&latest

This blogpost, although quite old, offers a good list of things to look at:
https://timtaubert.de/blog/2014/10/deploying-tls-the-hard-way/

> I would prefer to be HTTPS only and also have the session cookie have
> the "Secure" flag (so they're never sent over plain HTTP)

Cheers,
Domi
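
Added example, not part of the original message: a small check for the three properties discussed in this thread (plain HTTP redirected to HTTPS, an HSTS header on HTTPS responses, and the Secure flag on cookies). The response headers, host name, cookie name and the 180-day HSTS threshold are constructed assumptions, not values taken from osmocom.org.

```python
import re

MIN_HSTS_AGE = 15552000  # 180 days; assumed policy threshold, adjust as needed

def parse_response(raw):
    """Split a raw header block into (status, [(lowercased name, value), ...])."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers

def audit(http_raw, https_raw):
    """Return a list of findings; an empty list means all checks pass."""
    findings = []
    # Plain HTTP must answer with a permanent redirect and set no cookies.
    status, headers = parse_response(http_raw)
    location = dict(headers).get("location", "")
    if status not in (301, 308) or not location.lower().startswith("https://"):
        findings.append("http: no permanent redirect to https")
    if any(name == "set-cookie" for name, _ in headers):
        findings.append("http: cookie set over plain HTTP")
    # HTTPS must send HSTS with a long enough max-age.
    _, headers = parse_response(https_raw)
    hsts = dict(headers).get("strict-transport-security", "")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
    if not m:
        findings.append("https: HSTS header missing or has no max-age")
    elif int(m.group(1)) < MIN_HSTS_AGE:
        findings.append("https: HSTS max-age below threshold")
    # Every cookie set over HTTPS must carry the Secure attribute.
    for name, value in headers:
        if name == "set-cookie":
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("https: cookie %s lacks Secure" % value.split("=", 1)[0])
    return findings

# Constructed sample responses: a site before and after the hardening.
BEFORE_HTTP = "HTTP/1.1 200 OK\nSet-Cookie: _session=abc; path=/; HttpOnly\n"
BEFORE_HTTPS = "HTTP/1.1 200 OK\nSet-Cookie: _session=abc; path=/; HttpOnly\n"
AFTER_HTTP = "HTTP/1.1 301 Moved Permanently\nLocation: https://example.org/\n"
AFTER_HTTPS = ("HTTP/1.1 200 OK\n"
               "Strict-Transport-Security: max-age=31536000\n"
               "Set-Cookie: _session=abc; path=/; HttpOnly; Secure\n")

if __name__ == "__main__":
    for finding in audit(BEFORE_HTTP, BEFORE_HTTPS):
        print(finding)
```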
