[rt-users] Getting Request Tracker to stick to HTTPS
Giles Coochey
giles at coochey.net
Wed May 16 13:05:18 EDT 2012
On 16/05/2012 17:27, Darin Perusich wrote:
> On 05/16/2012 11:20 AM, Giles Coochey wrote:
>> How can I force RT to HTTPS?
>>
> Have you tried using mod_rewrite to rewrite all the traffic for that
> virtual host to https?
>
> Stubs of the configs for your RT virtual host. The http vhost only
> needs to have the basics defined, the rewrite rules will push
> everything to https.
>
> <VirtualHost x.x.x.x:80>
> ...
> ...
> RewriteEngine On
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R=301]
> </VirtualHost>
>
> <VirtualHost x.x.x.x:443>
> ...
> ...
> <Location />
> Order allow,deny
> Allow from all
> SetHandler modperl
> PerlResponseHandler Plack::Handler::Apache2
> PerlSetVar psgi_app /usr/sbin/rt-server
> </Location>
>
> <Perl>
> use Plack::Handler::Apache2;
> Plack::Handler::Apache2->preload("/usr/sbin/rt-server");
> </Perl>
> ...
> ...
> </VirtualHost>
>
I can't do that, the actual RT Apache Server runs on port 80, so the
rewrite condition is always false.
The Reverse Proxy Director runs on port 8080
The Squid SSL-offload caching proxy runs on 443 & 80
So RT needed to act as if it was running on 443, but it didn't do any
SSL itself.
The problem seemed to be this setting, as mentioned by Paul.
Set($CanonicalizeRedirectURLs, 1);
Now it appears to work. If I wanted to do what you suggested I'd need to do the equivalent in Squid config, I think.
Also, I don't mind it being available on HTTP, I just don't want it bouncing back to HTTP if I log in with HTTPS.
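
Added example (not part of the original message or of RT): a small check for the symptom described above, a redirect that leaves HTTPS for HTTP when the application sits behind an SSL-offloading proxy. The host name `rt.example.com`, the paths and the sample hops are constructed for illustration; `collect_hops` and `find_downgrades` are hypothetical helper names.

```python
import http.client
from urllib.parse import urljoin, urlsplit

# Constructed sample: (request URL, status, Location header) per hop, as a
# client would see them through the TLS-offloading proxy. Not from the thread.
SAMPLE_HOPS = [
    ("https://rt.example.com/", 302, "/login"),
    ("https://rt.example.com/login", 302, "http://rt.example.com/index.html"),
    ("http://rt.example.com/index.html", 200, None),
]

def find_downgrades(hops):
    """Return [(from_url, to_url)] for every redirect that leaves HTTPS for HTTP."""
    findings = []
    for url, status, location in hops:
        if not (300 <= status < 400) or not location:
            continue
        # urljoin resolves relative and scheme-relative Location values
        # against the request URL, so "/x" and "//host/x" stay on HTTPS.
        target = urljoin(url, location)
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            findings.append((url, target))
    return findings

def collect_hops(url, max_hops=10):
    """Walk a redirect chain on your own server without auto-following it."""
    hops = []
    for _ in range(max_hops):
        parts = urlsplit(url)
        conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                    else http.client.HTTPConnection)
        conn = conn_cls(parts.netloc, timeout=10)
        path = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("GET", path)
        resp = conn.getresponse()
        location = resp.getheader("Location")
        hops.append((url, resp.status, location))
        conn.close()
        if not (300 <= resp.status < 400) or not location:
            break
        url = urljoin(url, location)
    return hops

if __name__ == "__main__":
    for src, dst in find_downgrades(SAMPLE_HOPS):
        print(f"HTTPS -> HTTP downgrade: {src} -> {dst}")
```

Against a live deployment, pass the output of `collect_hops("https://<your RT host>/")` to `find_downgrades`; an empty list means no hop in the chain bounced back to HTTP.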