Page 1 of 1

[SOLVED] Trac over SSL

Posted: Wed Oct 11, 2006 10:19 am
by Chris Corbyn
I've set trac up many times before from package managers under linux but this time I had to do it on an ArchLinux box. It was relatively painless and Trac is now running but there is one minor issue.

I've never set Trac up to run over HTTPS before so this probably affects all Trac installations in this fashion. I'm running on port 445 over HTTPS (I've used port 445 because we need to target one server through a gateway to a cluster of servers). It works BUT after editting a wiki page it tries to redirect, presumably in order to prevent the back button causing issues and when it redirects it sends me to http://server/path. I need to stay under HTTPS all the time :( Anybody had this issue before or know enough python to suggest a fix? :)

Posted: Wed Oct 11, 2006 12:25 pm
by Chris Corbyn
Just thinking; this is only for internal use so I'd be happy with a server-level redirect. Off the top of their head does anybody know how to configure apache to do this redirect?

Code: Select all

http://project.domain.tld:445/any/path/here?args --> https://project.domain.tld:445/any/path/here?args
?

Posted: Wed Oct 11, 2006 1:07 pm
by Weirdan
mod_rewrite?

Posted: Wed Oct 11, 2006 1:37 pm
by Chris Corbyn
Weirdan wrote:mod_rewrite?
I've been trying for ages and it just seems to be totally ignoring my rule :? :(

Code: Select all

<VirtualHost *:445>
    ServerName XXXXX.hidden
    DocumentRoot /home/httpd/secure/iris-project
    ScriptAlias /trac /home/httpd/secure/iris-project/htdocs/cgi-bin/trac.cgi

    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*) https://%{SERVER_NAME}:445/$1 [R,L]

    <Location "/trac">
        SetEnv TRAC_ENV "/home/httpd/secure/iris-project"
    </Location>
    <Location /svn>
        DAV svn
        SVNPath /home/svn/iris
        SVNAutoVersioning On
        AuthType Basic
        AuthName "IRIS SVN Repository"
        AuthUserFile /home/svn/conf/svnusers
        Require valid-user
    </Location>
</VirtualHost>

Posted: Wed Oct 11, 2006 1:58 pm
by Chris Corbyn
Hmm... the reason it ignores the rewrite is because the error it creates is a 400 error as it's expecting SSL:
Bad request!




Your browser (or proxy) sent a request that
this server could not understand.



If you think this is a server error, please contact
the webmaster.



Error 400


localhost.localdomain


Wed Oct 11 05:40:11 2006

Apache
I'll have to get both SSL and non-SSL working on port 445 for this work won't I?

Posted: Wed Oct 11, 2006 4:07 pm
by Chris Corbyn
Doh! This was such an obvious fix. Since I'm running it over CGI I needed to have:

SetEnv HTTPS 1

in httpd.conf for this VirtualHost so that Trac could see we're using HTTPS. Working fine now :)