#448 closed task (fixed)
enable https on login sites
| Reported by: | lferran | Owned by: | lferran |
|---|---|---|---|
| Priority: | major | Milestone: | IT: Server Setup |
| Component: | IT | Version: | |
| Keywords: | | Cc: | |
| Referenced By: | | References: | |
Description (last modified by lferran)
When setting up the virtual hosts, enable the https on those sites where login credentials are sent to the server:
- Roundcube login
- Phpldapadmin login
- Trac login
- Jenkins login
- Zabbix login
Change History (6)
comment:1 Changed 9 years ago by lferran
- Status changed from new to accepted
comment:2 Changed 9 years ago by landauf
comment:3 Changed 9 years ago by lferran
- Description modified (diff)
comment:4 Changed 9 years ago by lferran
- Trac is configured to run under https already. However, it is also served by Apache under http. Do we want to redirect the login pages to https when clicked in the http? Or just leave it up to the user, to be concerned about security?
- The Roundcube and Zabbix logins work fine under https. The navigation bar links have been modified to point to the https URLs.
- For now, the http login is also possible. It is up to the user to use the preferred one. Should we change this? Should we block the requests to http://www.orxonox.net/roundcube, for instance? Or simply redirect them to https?
- The Jenkins login is a bit more complicated. Steps TODO:
  - The dedicated Jenkins web server must be configured to run with SSL too (https).
  - The Proxy redirect in Apache must be correctly modified to point to the new URL configured in the previous step.
comment:5 Changed 9 years ago by landauf
If possible (and if it doesn't break anything) I prefer to redirect http to https (also Jenkins if possible). I think this applies to all web-services under www.orxonox.net and orxonox.net.
The only exception is svn.orxonox.net where http & https have different behavior. Here we don't need redirection.
comment:6 Changed 9 years ago by lferran
- Resolution set to fixed
- Status changed from accepted to closed
Talking about HTTPS: There's a new project that creates real SSL certificates for free: https://letsencrypt.org/ Maybe we can use this.
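
The http-to-https redirect preferred in comment 5, together with the Jenkins proxy steps from comment 4, sketched as an Apache configuration. This is an added example, not the project's actual configuration: the hostnames come from the ticket, while the certificate paths, the Jenkins backend port and the `/jenkins` path are assumed placeholders.

```apache
# Added example. Requires mod_ssl, mod_proxy, mod_proxy_http, mod_headers.
# Hostnames are from the ticket; paths and ports are assumed placeholders.

# Plain-HTTP vhost: serves no content, only redirects to HTTPS, so the
# Roundcube, phpLDAPadmin, Trac, Jenkins and Zabbix login forms are never
# delivered (or submitted to) over an unencrypted connection.
<VirtualHost *:80>
    ServerName www.orxonox.net
    ServerAlias orxonox.net
    Redirect permanent / https://www.orxonox.net/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.orxonox.net
    ServerAlias orxonox.net

    # The certificate must cover both names above (placeholder paths).
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/EXAMPLE-fullchain.pem
    SSLCertificateKeyFile /etc/ssl/private/EXAMPLE-key.pem

    # Jenkins runs on its own web server. Once that server speaks TLS,
    # the proxy target changes from http:// to https://, and Apache needs
    # SSLProxyEngine to open the TLS connection to the backend.
    # Port 8443 is an assumption. The backend certificate must match the
    # name used in the ProxyPass URL (peer name checking is on by default
    # in Apache 2.4).
    SSLProxyEngine on
    ProxyPreserveHost on
    AllowEncodedSlashes NoDecode
    ProxyPass        /jenkins https://localhost:8443/jenkins nocanon
    ProxyPassReverse /jenkins https://localhost:8443/jenkins

    # Tell Jenkins the browser-facing scheme so the links it generates
    # stay on https.
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>

# svn.orxonox.net is the exception named in comment 5: it keeps its own
# :80 and :443 vhosts and gets no Redirect, because http and https behave
# differently there.
```

Running `apachectl configtest` before reloading catches syntax errors, and requesting a login URL over http afterwards should return a 301 whose `Location` header starts with `https://`.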