https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Might be of interest, if your regular users use Firefox, Chrome or Opera.

The other option: Set up another virtual host on the apache box that only serves a redirect to the https side. On the proxy, direct port 80 to that one, and leave 443 pointing at the RT instance. If the proxy supports such, at least.

Steve Anderson

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Giles Coochey
Sent: 16 May 2012 18:05
To: [email protected]
Subject: Re: [rt-users] Getting Request Tracker to stick to HTTPS

On 16/05/2012 17:27, Darin Perusich wrote:
> On 05/16/2012 11:20 AM, Giles Coochey wrote:
>> How can I force RT to HTTPS?
>>
> Have you tried using mod_rewrite to rewrite all the traffic for that
> virtual host to https?
>
> Stubs of the configs for your RT virtual host. The http vhost only
> needs to have the basics defined, the rewrite rules will push
> everything to https.
>
> <VirtualHost x.x.x.x:80>
>     ...
>     ...
>     RewriteEngine On
>     RewriteCond %{SERVER_PORT} !^443$
>     RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R=301]
> </VirtualHost>
>
> <VirtualHost x.x.x.x:443>
>     ...
>     ...
>     <Location />
>         Order allow,deny
>         Allow from all
>         SetHandler modperl
>         PerlResponseHandler Plack::Handler::Apache2
>         PerlSetVar psgi_app /usr/sbin/rt-server
>     </Location>
>
>     <Perl>
>         use Plack::Handler::Apache2;
>         Plack::Handler::Apache2->preload("/usr/sbin/rt-server");
>     </Perl>
>     ...
>     ...
> </VirtualHost>
>
I can't do that, the actual RT Apache Server runs on port 80, so the rewrite condition is always false.

The Reverse Proxy Director runs on port 8080
The Squid SSL-offload caching proxy runs on 443 & 80

So RT needed to act as if it was running on 443, but it didn't do any SSL itself. The problem seemed to be this setting, as mentioned by Paul.

Set($CanonicalizeRedirectURLs, 1);

Now it appears to work. If I wanted to do what you suggested I'd need to do the equivalent in Squid config, I think.
Also, I don't mind it being available on HTTP, I just don't want it bouncing back to HTTP if I log in with HTTPS.
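A way to check for the symptom discussed in this thread (an HTTPS request answered with a redirect back to HTTP) and for the HSTS header linked at the top, as an added example that is not part of the original messages. The host name rt.example.com, the /login path and both response heads are constructed sample data.

```python
from urllib.parse import urljoin, urlsplit

def parse_head(raw):
    """Split a raw HTTP response head into (status, {lower-cased header: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent or invalid."""
    for part in headers.get("strict-transport-security", "").split(";"):
        key, _, val = part.strip().partition("=")
        if key.lower() == "max-age" and val.strip('"').isdigit():
            return int(val.strip('"'))
    return None

def audit(request_url, raw_head):
    """List the problems in one response received for request_url."""
    status, headers = parse_head(raw_head)
    findings = []
    secure = urlsplit(request_url).scheme == "https"
    if 300 <= status < 400 and "location" in headers:
        # Relative Location values inherit the request's scheme, so resolve first.
        target = urljoin(request_url, headers["location"])
        if secure and urlsplit(target).scheme == "http":
            findings.append("downgrade redirect to " + target)
    # max-age=0 tells the browser to forget the policy, so it counts as unusable.
    if secure and not hsts_max_age(headers):
        findings.append("no usable HSTS header")
    return findings

# Constructed sample: backend behind the SSL-offload proxy builds an http:// URL.
BEFORE = """HTTP/1.1 302 Found
Location: http://rt.example.com/index.html
"""
# Constructed sample: redirect stays on https and HSTS is sent.
AFTER = """HTTP/1.1 302 Found
Location: https://rt.example.com/index.html
Strict-Transport-Security: max-age=31536000
"""

if __name__ == "__main__":
    for name, head in (("before", BEFORE), ("after", AFTER)):
        print(name, audit("https://rt.example.com/login", head))
```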
