On 16/05/2012 17:27, Darin Perusich wrote:
I can't do that, the actual RT Apache Server runs on port 80, so the rewrite condition is always false.On 05/16/2012 11:20 AM, Giles Coochey wrote:How can I force RT to HTTPS?Have you tried use mod_rewrite to rewrite the all traffic for that virtual host to https? Stubs of the config's for your RT virtual host. They http vhost only needs to have the basic's defined, the rewrite rules will push everything to https. <VirtualHost x.x.x.x:80> ... ... RewriteEngine On RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R=301] </VirtualHost> <VirtualHost x.x.x.x:443> ... ... <Location /> Order allow,deny Allow from all SetHandler modperl PerlResponseHandler Plack::Handler::Apache2 PerlSetVar psgi_app /usr/sbin/rt-server </Location> <Perl> use Plack::Handler::Apache2; Plack::Handler::Apache2->preload("/usr/sbin/rt-server"); </Perl> ... ... </VirtualHost>
The Reverse Proxy Director runs on port 8080 The Squid SSL-offload caching proxy runs on 443 & 80So RT needed to act as if it was running on 443, but it didn't do any SSL itself.
The problem seemed to be this setting, as mentioned by Paul. Set($CanonicalizeRedirectURLs, 1); Now it appears to work. If I wanted to do what you suggested I'd need to do the equivalent in Squid config, I think. Also, I don't mind it being available on HTTP, I just don't want it bouncing back to HTTP if I log in with HTTPS.
smime.p7s
Description: S/MIME Cryptographic Signature
