[rt-users] Apache SSL for RT 3.6.1

Carvajal, Roberto A. rcarvajal at miami.edu
Fri Nov 10 14:05:21 EST 2006


BRILLIANT Nathan!

Works like a charm. I kept reading everywhere that you couldn't do it
using virtual hosts. But this worked perfectly!

I can't express how appreciative I am.

-Robert

-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com
[mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Vonnahme,
Nathan
Sent: Thursday, November 09, 2006 9:40 PM
To: RT-Users at lists.bestpractical.com
Subject: RE: [rt-users] Apache SSL for RT 3.6.1

> "Schultz, Eric" <ESchultz at corp.untd.com> wrote: 
> 
> >> I'm still 
> >> working on
> >> getting non- secure URLs to redirect to the secure ones
> transparently.
> >> I've tried several different mod_rewrite approaches without
> success.
> >> 


I recently set up RT with SSL.  You can do SSL with virtual hosts, but
each SSL host has to have its own dedicated IP address (you can't do
name-based virtual hosts with SSL).  

Here's how I did it:

<VirtualHost 10.41.16.118:80 >
        ServerName myrt.mydomain.com
        RedirectMatch permanent (/.*) https://myrt.mydomain.com$1
</VirtualHost>


<VirtualHost 10.41.16.118:443>
        ServerName myrt.mydomain.com
        DocumentRoot /opt/rt3/share/html
        AddDefaultCharset UTF-8

    	 SSLEngine on
    	 SSLCertificateFile "/etc/httpd/conf/ssl.crt/rt.crt"
	 SSLCertificateKeyFile "/etc/httpd/conf/ssl.key/rt.key"

        PerlModule Apache::DBI
        PerlRequire /opt/rt3/bin/webmux.pl

        <Location />
                SetHandler perl-script
                PerlHandler RT::Mason
        </Location>

   Alias /NoAuth /opt/rt3/local/html/NoAuth
   <Directory /opt/rt3/local/html/NoAuth>
                Options +FollowSymLinks +Indexes
                Order allow,deny
                Allow from all
   </Directory>
   <Location /REST/1.0/NoAuth>
        satisfy any
        allow from all
   </Location>
   <Location /NoAuth>
        satisfy any
        allow from all
   </Location>
   <Location /NoAuth/images>
        SetHandler default-handler
   </Location>
</VirtualHost>


And then you need to make sure the stuff in RT_SiteConfig.pm isn't
making URLs like http://myrt.mydomain.com/rt or something.

Set($WebPath , "");
Set($WebBaseURL , "https://myrt.mydomain.com");


_______________________________________________
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales at bestpractical.com


Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
Buy a copy at http://rtbook.bestpractical.com



More information about the rt-users mailing list