Page 1 of 1
[SOLVED] Trac over SSL
Posted: Wed Oct 11, 2006 10:19 am
by Chris Corbyn
I've set trac up many times before from package managers under linux but this time I had to do it on an ArchLinux box. It was relatively painless and Trac is now running but there is one minor issue.
I've never set Trac up to run over HTTPS before so this probably affects all Trac installations in this fashion. I'm running on port 445 over HTTPS (I've used port 445 because we need to target one server through a gateway to a cluster of servers). It works BUT after editting a wiki page it tries to redirect, presumably in order to prevent the back button causing issues and when it redirects it sends me to
http://server/path. I need to stay under HTTPS all the time

Anybody had this issue before or know enough python to suggest a fix?

Posted: Wed Oct 11, 2006 12:25 pm
by Chris Corbyn
Just thinking; this is only for internal use so I'd be happy with a server-level redirect. Off the top of their head does anybody know how to configure apache to do this redirect?
Code: Select all
http://project.domain.tld:445/any/path/here?args --> https://project.domain.tld:445/any/path/here?args
?
Posted: Wed Oct 11, 2006 1:07 pm
by Weirdan
mod_rewrite?
Posted: Wed Oct 11, 2006 1:37 pm
by Chris Corbyn
Weirdan wrote:mod_rewrite?
I've been trying for ages and it just seems to be totally ignoring my rule
Code: Select all
<VirtualHost *:445>
ServerName XXXXX.hidden
DocumentRoot /home/httpd/secure/iris-project
ScriptAlias /trac /home/httpd/secure/iris-project/htdocs/cgi-bin/trac.cgi
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*) https://%{SERVER_NAME}:445/$1 [R,L]
<Location "/trac">
SetEnv TRAC_ENV "/home/httpd/secure/iris-project"
</Location>
<Location /svn>
DAV svn
SVNPath /home/svn/iris
SVNAutoVersioning On
AuthType Basic
AuthName "IRIS SVN Repository"
AuthUserFile /home/svn/conf/svnusers
Require valid-user
</Location>
</VirtualHost>
Posted: Wed Oct 11, 2006 1:58 pm
by Chris Corbyn
Hmm... the reason it ignores the rewrite is because the error it creates is a 400 error as it's expecting SSL:
Bad request!
Your browser (or proxy) sent a request that
this server could not understand.
If you think this is a server error, please contact
the webmaster.
Error 400
localhost.localdomain
Wed Oct 11 05:40:11 2006
Apache
I'll have to get both SSL and non-SSL working on port 445 for this work won't I?
Posted: Wed Oct 11, 2006 4:07 pm
by Chris Corbyn
Doh! This was such an obvious fix. Since I'm running it over CGI I needed to have:
SetEnv HTTPS 1
in httpd.conf for this VirtualHost so that Trac could see we're using HTTPS. Working fine now
