
HTTPS Redirect Web GUI

  • C
    cul3r0
    last edited by Nov 16, 2023, 8:35 PM

    Re: Boot.php permissiondenied

    Is there any way to write a port 80 > 443 redirect affecting only the web GUI? Due to my customer's security requirements I need a redirect to SSL-secured port 443 for the web GUI. But I know the FOG client stops working and that’s an entirely different beast. I tried adding the redirect shown here, which worked for the web GUI but then didn’t allow iPXE boot to work, and got an error with “Operation Permitted”. I imagine, just like stated in this previous post, it has to do with the redirect. Any advice on a redirect only affecting the web GUI?

    ea0dc354-a888-4036-a636-8d11848db1c4-image.png

    • J
      JJ Fullmer Testers @cul3r0
      last edited by Nov 17, 2023, 6:28 PM

      @cul3r0

      I have such a redirect

      <VirtualHost *:80>
          <FilesMatch "\.php$">
              SetHandler "proxy:fcgi://127.0.0.1:9000/"
          </FilesMatch>
          KeepAlive Off
          ServerName ip.of.fog.server
          ServerAlias hostnameOfFogServer
          DocumentRoot /var/www/html/
          <Directory /var/www/html/fog/>
              DirectoryIndex index.php index.html index.htm
          </Directory>
          RewriteEngine On
          RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
          RewriteRule .* - [F]
          RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
          RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
          RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L]
      </VirtualHost>
      

      This is assuming you have your cert configured in ssl.conf too.
      I’m running centos with httpd as that might make a difference if you’re running debian based apache

      Have you tried the FogApi powershell module? It's pretty cool IMHO
      https://github.com/darksidemilk/FogApi
      https://fogapi.readthedocs.io/en/latest/
      https://www.powershellgallery.com/packages/FogApi
      https://forums.fogproject.org/topic/12026/powershell-api-module

      • C
        cul3r0 @JJ Fullmer
        last edited by Nov 27, 2023, 3:31 PM

        @JJ-Fullmer Does this affect you pxe booting into fog from asset? I do have SSL configured cert on https port for web gui.

        • J
          JJ Fullmer Testers @cul3r0
          last edited by Nov 28, 2023, 6:15 PM

          @cul3r0 It does not, that configuration is elsewhere. If you enabled https support at install then you have to do something special to get that disabled for pxe because it embeds the self-signed cert made at install into the on-the-fly pxe compilation process.

          • C
            cul3r0 @JJ Fullmer
            last edited by Nov 29, 2023, 6:47 PM

            @JJ-Fullmer So I didn’t notice, but that's the same original file. Your config is the one I have, but the Nessus vuln scanner and the curl command as well do not have a redirect going from http to https. We do get a 302 redirect but unfortunately it's redirecting back to http.

            • C
              cul3r0 @cul3r0
              last edited by Nov 30, 2023, 8:36 PM

              9e9c2483-144a-4a0c-bd5a-a3c43807aaa1-image.png

              This is the result from Nessus Vulnerability scanner when it comes to port 80 “not redirecting” to https 443

              • J
                JJ Fullmer Testers @cul3r0
                last edited by Nov 30, 2023, 9:01 PM

                @cul3r0 The https redirect is actually only working for me if I go to the fqdn on http, i.e. http://fog-server.domain.tld will redirect to https but http://fog-server will not redirect.
                I’m pretty sure it’s possible to adjust the rules to redirect everything to the fqdn on https. You can probably mess with the rules to make it rewrite anything to go to the fqdn on https.

                • D
                  dvorak
                  last edited by dvorak Jan 27, 2025, 3:12 PM Jan 27, 2025, 9:11 PM

                  @JJ-Fullmer said in HTTPS Redirect Web GUI:

                  https redirect

                  I had this issue, but wanted to add to the Copilot answer that works on RHEL 8.10 running the latest Apache and FOG 1.5.10.1634 (this assumes you installed FOG with NO HTTPS option, in other words HTTPS disabled by default):

                  To redirect all HTTP requests on port 80 to HTTPS on port 443 using your provided certificate and key, you can use the following configuration:

                  Create a new configuration file in the /etc/httpd/conf.d/ directory, for example, redirect.conf:

                  <VirtualHost *:80>
                      ServerName ip.of.fog.server
                      ServerAlias hostnameOfFogServer
                      RewriteEngine On
                      RewriteCond %{HTTPS} off
                      RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
                  </VirtualHost>
                  

                  Update your SSL configuration in the /etc/httpd/conf.d/ssl.conf file to include your certificate and key:

                  <VirtualHost *:443>
                      ServerName ip.of.fog.server
                      ServerAlias hostnameOfFogServer
                      DocumentRoot /var/www/html/
                      SSLEngine on
                      SSLCertificateFile /opt/fog/ssl/UNIQUE-FOR-ME/MYCERT.cer
                      SSLCertificateKeyFile /opt/fog/ssl/UNIQUE-FOR-ME/MYCERT.key
                  
                      <Directory /var/www/html/fog/>
                          DirectoryIndex index.php index.html index.htm
                          AllowOverride All
                          Require all granted
                      </Directory>
                  
                      <FilesMatch "\.php$">
                          SetHandler "proxy:fcgi://127.0.0.1:9000/"
                      </FilesMatch>
                  
                      RewriteEngine On
                      RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
                      RewriteRule .* - [F]
                      RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
                      RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-d
                      RewriteRule ^/fog/(.*)$ /fog/api/index.php [QSA,L]
                  </VirtualHost>
                  

                  Restart Apache to apply the changes:

                  sudo systemctl restart httpd
                  

                  This configuration will redirect all HTTP requests to HTTPS and use the provided certificate and key for SSL. Make sure to replace ip.of.fog.server and hostnameOfFogServer with your actual server IP and hostname.

                  Lastly, when enrolling a cert I used the FQDN and plain hostname as a “Subject Alternative Name”. For my company, this means internal use only (.pvt). This takes care of both redirects (prob could have also talked to the DNS team to redirect the hostname to the FQDN, e.g. hostname.blah.pvt, as well). But it’s better (and faster) in the cert if you can do it that way.

                  1 Reply Last reply Reply Quote 0
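A way to check what a scanner sees on port 80, as an added example that is not part of the original posts: it classifies the response to a plain-HTTP request as no redirect, a redirect that stays on http, or an https redirect to a name the certificate does not list. The function names, result labels and sample responses are constructed for illustration; the hostnames are the ones used in the thread.

```python
import http.client
from urllib.parse import urlsplit, urljoin

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify_redirect(request_url, status, location, cert_names):
    """Judge one response to a plain-HTTP request the way a scanner would."""
    if status not in REDIRECT_CODES or not location:
        return "no-redirect"
    # A relative Location inherits the scheme and host of the request.
    target = urlsplit(urljoin(request_url, location))
    if target.scheme != "https":
        return "redirect-stays-on-http"
    # %{HTTP_HOST} echoes whatever name the client used, so the certificate
    # must list that name (exact match only here; wildcards are not handled).
    if (target.hostname or "").lower() not in {n.lower() for n in cert_names}:
        return "https-host-not-in-cert"
    return "ok"

def probe(url, cert_names, timeout=5):
    """Send one HEAD request without following redirects and classify it."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return classify_redirect(url, resp.status, resp.getheader("Location"), cert_names)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("http://fog-server/fog/", 302, "/fog/index.php"),
    ("http://fog-server/fog/", 302, "http://fog-server/fog/index.php"),
    ("http://fog-server.domain.tld/fog/", 301, "https://fog-server.domain.tld/fog/"),
    ("http://fog-server/fog/", 301, "https://fog-server/fog/"),
    ("http://fog-server/fog/", 200, None),
]

def run_samples(cert_names):
    return [classify_redirect(u, s, loc, cert_names) for u, s, loc in SAMPLES]

if __name__ == "__main__":
    for san in (["fog-server.domain.tld"], ["fog-server.domain.tld", "fog-server"]):
        print(san, run_samples(san))
```

Run `probe()` against both the short hostname and the FQDN, since the thread shows the two can behave differently.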
                  Copyright © 2012-2024 FOG Project