Defect #1145

https - not all links use https but http

Added by Daniel Netzer over 9 years ago. Updated about 9 years ago.

Status: Closed
Start date: 2008-04-29
Priority: Normal
Due date:
Assignee: -
% Done: 0%
Category: -
Target version: -
Resolution: Invalid
Affected version:

Description

I have set up redmine 0.7.0 behind an SSL enabled Apache proxying back to mongrel. Under administration I have set protocol to https and set hostname to my correct hostname but some links go to http: Home, Logout, Login.

index.html (3.55 KB) Robert Cerny, 2008-05-19 16:01


Related issues

Related to Redmine - Defect #1628: redmine sends http on forms on https server Reopened 2008-07-12
Duplicated by Redmine - Defect #2226: broken links in apache https Closed 2008-11-25

Associated revisions

Revision 1384
Added by Jean-Philippe Lang over 9 years ago

Fixed: Home, Logout, Login links are absolute (#1122, #1145).

History

#1 Updated by Daniel Netzer over 9 years ago

I searched the bugs on redmine.org and found #157 which seems to have related effects but for emails.

#2 Updated by Eric Davis over 9 years ago

This is all based on your Apache settings. The "protocol" and "hostname" in the administration setting are only for email. Check to make sure you have your Apache with the following line:

  RequestHeader set X_FORWARDED_PROTO 'https'

That tells Redmine and mongrel that https is used.

Full configuration file from my old Apache:

<VirtualHost *:80> 
  ServerName projects.littlestreamsoftware.com

  RewriteEngine On

  # Redirect any non HTTPS requests to the HTTPS server
  RewriteCond %{HTTP_HOST} ^projects.littlestreamsoftware.com$ [NC]
  RewriteRule ^(.*)$ https://projects.littlestreamsoftware.com$1 [R=301,L]

  Include /etc/apache2/common/hide-svn
  Include /etc/apache2/common/deflate

</VirtualHost>

NameVirtualHost *:443
<VirtualHost *:443>
  SSLEngine on
  SSLCertificateFile /etc/apache2/apache.pem
  RequestHeader set X_FORWARDED_PROTO 'https'
  ServerAdmin webmaster@localhost
  RewriteEngine On

  DocumentRoot /home/websites/projects.littlestreamsoftware.com/current/public
  <Directory "/home/websites/projects.littlestreamsoftware.com/current/public">
    Options FollowSymLinks
    AllowOverride All
    Order allow,deny
    Allow from all
  </Directory>

  <Proxy balancer://redmine_cluster>
    BalancerMember http://127.0.0.1:12000
  </Proxy>

  # These directories should always be served up by Apache, since they contain static content. Or just let rails do it.
  # The exclusions come before the catch-all ProxyPass because the first matching rule wins.
  ProxyPass /images !
  ProxyPass /stylesheets !
  ProxyPass /javascripts !
  ProxyPass /favicon.ico !

  ProxyPass / balancer://redmine_cluster/
  ProxyPassReverse / balancer://redmine_cluster/

  # Uncomment for rewrite debugging
#  RewriteLog /tmp/myapp_rewrite_log
#  RewriteLogLevel 9 

  # Check for maintenance file and redirect all requests
  RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
  RewriteCond %{SCRIPT_FILENAME} !maintenance.html
  RewriteRule ^.*$ /system/maintenance.html [L]

  # Rewrite index to check for static
  RewriteRule ^/$ /cache/index.html [QSA] 

  # Rewrite to check for Rails cached page
  RewriteRule ^([^.]+)$ /cache/$1.html [QSA]

  # Redirect all non-static requests to cluster
  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://redmine_cluster%{REQUEST_URI} [P,QSA,L]

  ErrorLog /var/log/apache2/error.log

  CustomLog /var/log/apache2/admin-access.log combined
  ServerSignature Off

  Include /etc/apache2/common/hide-svn
  Include /etc/apache2/common/deflate

</VirtualHost>

#3 Updated by Daniel Netzer over 9 years ago

  • Status changed from New to Resolved

Hi Eric,
thank you very much! I suspected the settings but you were right. It was mod_proxy and the missing header for https.

#4 Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from Resolved to Closed
  • Target version set to 0.7.1
  • Resolution set to Fixed

Home, Logout, Login links are fixed in r1384.
They now have relative URLs.

#5 Updated by Robert Cerny over 9 years ago

  • Status changed from Closed to Reopened

Hi,
I installed version 1424 today and it looks like the Login/Logout/Account paths are still absolute... At least on my install, while browsing http://localhost:3000, I get http://192.168.1.10:3000/ after trying to log in.

#6 Updated by Jean-Philippe Lang over 9 years ago

  • Target version deleted (0.7.1)

Robert: could you attach the full HTML content of the home page, please?

#7 Updated by Robert Cerny over 9 years ago

Please find the attached HTML file. You didn't provide much detail about which page I should attach, so it's the home page after a successful login. My browser swaps to the IP address when clicking Sign out. Could the redirect_back_or_default method be involved there?

#8 Updated by Robert Cerny over 9 years ago

Well,
it looks like the problem was in the configuration of my server. All is working now.

#9 Updated by Jean-Philippe Lang over 9 years ago

  • Status changed from Reopened to Closed
  • Resolution changed from Fixed to Invalid

OK, thanks for the feedback Robert.

#10 Updated by Toni Kerschbaum about 9 years ago

  • Status changed from Closed to Reopened

Is it possible that if "Authentication required" is enabled, the redirect goes to http://, regardless of whether the URI used is, for instance, http://www.redmine.org or https://secure.redmine.org?

In my case, I have Apache serving Redmine with standard http:// access from the Intranet, but SSL/https:// access for clients from untrusted networks. Can this even be done? So far, everything works fine, except the issue described above.

#11 Updated by Toni Kerschbaum about 9 years ago

The solution described by Eric Davis in reply No. 2 fixes my problem - it's working now :)

#12 Updated by Eric Davis about 9 years ago

  • Status changed from Reopened to Closed

Closing, issue caused by Apache configuration.
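
A way to check for the symptom reported in this issue after changing the proxy configuration, as an added example that is not part of the original thread or of Redmine's code: it parses a page that was fetched over https and lists every link, form action or resource that resolves to plain http on the same host. The host name `redmine.example.test`, the sample HTML and the function names are constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser send a request to the given URL.
URL_ATTRS = {"href", "action", "src"}


class DowngradeFinder(HTMLParser):
    """Collect same-host URLs that drop from https to http."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.findings = []  # (tag, attribute, resolved URL)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            # Relative and scheme-relative URLs inherit https from the page,
            # so only absolute http:// URLs survive this resolution as http.
            resolved = urlsplit(urljoin(self.page_url, value.strip()))
            if resolved.scheme == "http" and resolved.hostname == self.page_host:
                self.findings.append((tag, name, resolved.geturl()))


def find_downgrades(page_url, html):
    """Return the http:// URLs on the page's own host found in html."""
    finder = DowngradeFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample: a home page served over https whose backend
# did not learn from the proxy that the original request used https.
SAMPLE_URL = "https://redmine.example.test/"
SAMPLE_HTML = """
<html><body>
<a href="http://redmine.example.test/">Home</a>
<a href="http://redmine.example.test/login">Login</a>
<a href="/projects">Projects</a>
<a href="//redmine.example.test/news">News</a>
<a href="http://www.example.org/">External</a>
<form action="http://redmine.example.test/login" method="post"></form>
<img src="/images/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for tag, attr, url in find_downgrades(SAMPLE_URL, SAMPLE_HTML):
        print(f"<{tag} {attr}> -> {url}")
```

A form action in the output matters most, since submitting it would send the login request over plain http.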
