HTTPS Redirect Web GUI
-
Is there any way to write a port 80 > 443 redirect affecting only the web gui? Due to my customers security requirements i need a redirect to ssl secured port 443 for web gui. But i know the fog client stops working and that’s an entirely different beast. I tried adding the redirect shown here which worked for web gui but then didn’t allow ipxe boot to work and got error with “Operation Permitted”. I imagine just like stated in this previous post has to do with redirect. Any advice on a redirect only affecting web gui?
-
I have such a redirect
<VirtualHost *:80> <FilesMatch "\.php$"> SetHandler "proxy:fcgi://127.0.0.1:9000/" </FilesMatch> KeepAlive Off ServerName ip.of.fog.server ServerAlias hostnameOfFogServer DocumentRoot /var/www/html/ <Directory /var/www/html/fog/> DirectoryIndex index.php index.html index.htm </Directory> RewriteEngine On RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) RewriteRule .* - [F] RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L] </VirtualHost>This is assuming you have your cert configured in ssl.conf too.
I’m running centos with httpd as that might make a difference if you’re running debian based apache -
@JJ-Fullmer Does this affect you pxe booting into fog from asset? I do have SSL configured cert on https port for web gui.
-
@cul3r0 It does not, that configuration is elsewhere. If you enabled https support at install then you have to do something special to get that disabled for pxe because it embeds the self-signed cert made at install into the on-the-fly pxe compilation process.
-
@JJ-Fullmer so i didn’t notice but thats the same original file. Your config is the one i have but Nessus vuln scanner and curl command as well do not have a redirect going from http to https. We do get a 302 redirect but unfortunately its redirecting back to http
-
This is the result from Nessus Vulnerability scanner when it comes to port 80 “not redirecting” to https 443
-
@cul3r0 The https redirect is actually only working for me if I go to the fqdn on http, i.e. http://fog-server.domain.tld will redirect to https but http://fog-server will not redirect.
I’m pretty sure it’s possible to adjust the rules to redirect everything to the fqdn on https. You can probably mess with the rules to make it rewrite anything to go the the fqdn on https
