Project

General

Profile

Unable to login with HTTPS

Added by Aleksandr Tampere over 10 years ago

Hi

Our Environment is:
Redmine version 2.3.3.stable.12220
Ruby version 1.9.3-p448 (2013-06-27) [x86_64-linux]
Rails version 3.2.13
Environment production
Database adapter Mysql2
Redmine plugins:
no plugin installed

We are currently running our installation on Webrick as the product is in use by 5, max 10 users. Our Redmine installation is hosted on a shared Arvixe hosting. We managed to configure our installation to be accessible from the subfolder domain/redmine as our SSL ceritificate is cheap and doesn't suppor wildcart in style redmine.domain.com.

To achieve that we did following customizations:

1. Added config.asset_path = "/redmine%s" to the config/application.rb
2. Added RedmineApp::Application.routes.default_scope = '/redmine' to the config/environment.rb
3. Created .htaccess:

RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain/redmine/$1 [R=301,L]
RewriteRule ^(stylesheets|images|javascripts|plugin_assets|themes)($|/) - [L]
RewriteRule ^(.*)$ "http\:\/\/127\.0\.0\.1\:3000\/redmine\/$1" [P,L]

All the links are fully functional with both HTTP and HTTPS, however the only problem we have with HTTPS when we logging in is a redirect to http://domainhttps%3a%2f%2fdomain%2fredmine/ instead of domain/redmine/...

If I comment the following lines in the .htaccess, then with HTTP there is no such problem:

#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://domain/redmine/$1 [R=301,L]

Please let me know if you saw similar behavior or if there is any other way how we can force SSL.

Thank you in advance


Replies (6)

RE: Unable to login with HTTPS - Added by Martin Denizet (redmine.org team member) over 10 years ago

I don't know if it helps but using VirutalHost, I do:

<virtualhost *:80>
    ServerName redmine.domain.com
    KeepAlive Off
    RewriteEngine On
    RewriteRule ^/(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</virtualhost>

I suggest you try:
RewriteEngine On
RewriteRule ^/redmine/(.*)$ https://%{HTTP_HOST}/redmine/$1 [R=301,L]

Cheers,

RE: Unable to login with HTTPS - Added by Aleksandr Tampere over 10 years ago

Hi Martin,

Thanks for the suggestion, but unfortunately if I change my .htaccess to as demonstrated below it doesn't even redirect to HTTPS

RewriteEngine on
RewriteRule ^/redmine/(.*)$ https://%{HTTP_HOST}/redmine/$1 [R=301,L]
RewriteRule ^(stylesheets|images|javascripts|plugin_assets|themes)($|/) - [L]
RewriteRule ^(.*)$ "http\:\/\/127\.0\.0\.1\:3000\/redmine\/$1" [P,L]

RE: Unable to login with HTTPS - Added by Aleksandr Tampere over 10 years ago

Hi All,

I still need your assistance on the problem. Recently I upgraded to 2.4.1 and my .htaccess is still:

RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain/redmine/$1 [R=301,L]
RewriteRule ^(stylesheets|images|javascripts|plugin_assets|themes)($|/) - [L]
RewriteRule ^(.*)$ "http\:\/\/127\.0\.0\.1\:3000\/redmine\/$1" [P,L]

When I login, it's redirecting me to

http://domainhttp%3a%2f%2fdomain%2fredmine/ instead of https://domain/redmine and this is the only issue I have with that particular .htaccess and HTTPS, all the other pages including registration, logout, project management and administration are fully functional with this particular .htacces and HTTPS. Basically initial login redirect is the only problem I have. Do you know if there if there is any way to workaround the issue e.g modify the redirect criteria in the account_controller.rb or any other place to have initial login redirect to https://domain/redmine ?

Thank you in advance,
Alex

RE: Unable to login with HTTPS - Added by Martin Denizet (redmine.org team member) over 10 years ago

Aleksandr Tampere wrote:

RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://domain/redmine/$1 [R=301,L]
RewriteRule ^(stylesheets|images|javascripts|plugin_assets|themes)($|/) - [L]
RewriteRule ^(.*)$ "http\:\/\/127\.0\.0\.1\:3000\/redmine\/$1" [P,L]

I suggest you try:

RewriteEngine on
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^/(.*)$ https://domain/redmine/$1 [R=301,L]
RewriteRule ^(stylesheets|images|javascripts|plugin_assets|themes)($|/) - [L]
RewriteRule ^/(.*)$ http://127.0.0.1:3000/$1 [P,L]

I'm disturbed about 2 things in your setup:
  1. Your severs runs on port 3000. If it's WEBrick, it's strong advised not to use it for production and you should consider using Passenger instead.
  2. You use your .htaccess to proxy your connection. Why not do that clean in your vhost file or use the stunnel package
If you have access to the Apache configuration, I strongly recommend you to get your setup clean:

To mention it, I'm really not a big fan so sub-URI installations for several reasons that I wont detail here. I prefer to deploy in a subdomain.

If for some reason you must really stick with WEBrick, I recommend you still create the 2 vhost described above but instead of using passenger in the *:443 vhost, use Apache2's reverse proxy mod such as:

ProxyPass /redmine http://localhost:3000
ProxyPassReverse /redmine http://localhost:3000

Should not take you more than 20mins.

Cheers!

RE: Unable to login with HTTPS - Added by Aleksandr Tampere over 10 years ago

Hi Martin,

As my Redmine installation is running on a shared hosting with Tomcat and without any option for Passenger, Webrick is the only option. Also the Redmine is in use by max 2 - 5 people and so far I couldn't observe any performance problem.

The .htaccess you suggested didn't work as login script is redirecting to http://domainhttp%3a%2f%2fdomain%2fredmine, not even http://domain/http%3a%2f%2fdomain%2fredmine/ or http://domain/redmine/http%3a%2f%2fdomain%2fredmine/, so it obviously "Domain Not Found" error. Like I mentioned before, with HTTP I don't have this problem, e.g if I change my .htaccess to:

RewriteEngine on
RewriteRule ^(stylesheets|images|javascripts|plugin_assets|themes)($|/) - [L]
RewriteRule ^(.*)$ "http\:\/\/127\.0\.0\.1\:3000\/redmine\/$1" [P,L]

RE: Unable to login with HTTPS - Added by Aleksandr Tampere about 10 years ago

Hi again,

Is there any other way how I can force the login redirect to be http://domain/redmine/https%3a%2f%2fdomain%2fredmine instead of my current http://domainhttp%3a%2f%2fdomain%2fredmine which is invalid? Invalid login redirect URL with SSL and my current htaccess is the only problem. I see that other pages are fully ok in SSL mode.

Thank you in advance

    (1-6/6)