HTTPS when Logging Into Redmine?

Added by Calvin Cheng over 9 years ago

Hi Guys,

I have been using redmine for our team's projects for some time and so far so good...
Recently switched to bleeding edge and it is surprisingly stable for a bleeding edge implementation.
Also started using Git (instead of SVN) and I am really glad it all worked out.
Much thanks to JPLang's great code and Thomas' assistance once in a while.

I am wondering about just 1 more issue. Is it possible to configure my redmine install so that for the LOGIN (i.e. when a user logs in), https is used for that brief moment when username and passwords are being transmitted across the internet?

I do this with regularity for my PHP-based sites and was wondering how easy/difficult it would be to modify ruby to do the same.


Replies (2)

RE: HTTPS when Logging Into Redmine? - Added by Thomas Lecavelier over 9 years ago

Hi Calvin,

Glad to see you here.

The easiest way to achieve your goal, you have to configure your proxy to handle the SSL port (http is just a transport protocol, ruby and rails just create the content: it's you're web server that decide how to serve your clients). So it could not be very different from your php way to do.

RE: HTTPS when Logging Into Redmine? - Added by Calvin Cheng over 9 years ago

Hi Thomas,

What I meant was where I could possibly modify the ruby code so that it points to https for a brief moment before switching back to http again when the 'submit' button is being pressed.

As an example: If I write a form tag in html, that would mean that my post url points to "https://".$_SERVER['PHP_SELF']."/login.php" and when login.php authenticates me, I will be brought into the site with url

As far as the apache directives for the virtualhost for the https is concerned, I have already configured them correctly. :)

So my question is actually regarding where exactly to modify the ruby login script to do this...