On Thu, Nov 5, 2015 at 6:53 AM, Richard Hipp <d...@sqlite.org> wrote:
> On 11/4/15, Eduard <eduard.c.dumitre...@gmail.com> wrote: > > Hi Taras, > > > > I've had a very similar problem. I fixed it by setting the "HTTPS" > > environment variable (for CGI execution) to "on" when the request comes > > in through https, i.e. > > > > <If "%{HTTP:X-Forwarded-Proto} = 'https'"> > > SetEnv HTTPS on > > </If> > > > > You might want to remove the "<if>" part if you're only accepting https > > anyway. > > > > I'm not sure whether this is the truly correct way to do it, but it sure > > solved my problem. > > > > Fossil depends on the HTTPS environment variable to know whether or > not the inbound request was over http or https. Without that > environment variable, Fossil has no way of knowing, and hence has no > way of knowing whether to generate http: or https: on generated > hyperlinks. > In my Fossil server config (running as an inetd-style program behind stunnel), I pass the '--https' flag and the '--host' parameter to fossil when forking an instance. This may give OP the desired effect. Full stunnel config: $ cat stunnel.conf pid = /home/fossil/stunnel.pid output = /home/fossil/stunnel.log RNDfile = /home/fossil/randfile [fossil-https] accept = 10443 cert = /home/fossil/www.example.com.pem key = /home/fossil/www.example.com.key exec = /usr/local/bin/fossil execargs = fossil http /home/fossil/my.fossil.db --https --host www.example.com For completeness, here is the redirect rule to expose stunnel at port 443 (allowing stunnel to run as user 'fossil' rather than 'root'): # iptables -t nat -nvL Chain PREROUTING (policy ACCEPT 31728 packets, 1886K bytes) pkts bytes target prot opt in out source destination 5342 309K REDIRECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 redir ports 10443 HTH, Eric
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users