Issue #1323

Switch all Replicant URL references to https

Added by sel mo almost 5 years ago. Updated about 3 years ago.

Status: Closed
Priority: High
Category: Infrastructure (web, git)
Target version: -
Start date: 09/02/2015
Due date:
% Done: 100%
Estimated time:
Resolution: fixed
Device:

Description

  • project's Overview tab, refers to homepage: (http://)www.replicant.us
  • redmine emails refer to http://redmine.replicant.us/ in:
    • header links to issues/posts
    • footer sign in link

This is a suggestion :)


Related issues

Related to Replicant - Issue #1335: Problem with SSL on website (Closed)

History

#1

Updated by Paul Kocialkowski almost 5 years ago

Good point, I've also spotted that in the source tree, at vendor/replicant.

Would you care to look whether you can find http references at other places?

#2

Updated by Denis 'GNUtoo' Carikli over 4 years ago

  • Device Not device specific added

#3

Updated by Denis 'GNUtoo' Carikli over 4 years ago

Paul, would changing HTTP to HTTPS in https://redmine.replicant.us/settings fix it?

Denis.

#4

Updated by Paul Kocialkowski over 4 years ago

  • Device added
  • Device deleted (Not device specific)

Just changed the protocol to https. Any other place to change this?

#5

Updated by sel mo over 4 years ago

Hi Paul,

Thanks for switching redmine Admin's protocol to https (as it ensures links generated by redmine, such as #XXX Issue links, [[Wikis Pages]], as well as URLs in outgoing emails, use https).

Aside from that, I suggest:

1. Amend the Homepage value

In https://redmine.replicant.us/projects/replicant/settings, change www.replicant.us to https://www.replicant.us/

2. Manually edit Issues, Wiki & Forum mentions of:

A quick way of doing this could be to put redmine in read-only (for the time necessary to perform the following steps), make a SQL dump of redmine's DB, switch all http references to https in the dump file, override the DB with the dump file, and restart redmine/Apache.

mysqldump -u redmine -p --opt --lock-tables=false redmine > redmine_dump_yyyymmdd.sql

# Edit the redmine_dump.sql, using vim for example,

vim redmine_dump_yyyymmdd.sql

   :%s/http:\/\/www\.replicant\.us/https:\/\/www.replicant.us/g
   :%s/http:\/\/redmine\.replicant\.us/https:\/\/redmine.replicant.us/g
   :wq

mysql -u root -p

    drop database redmine;
    CREATE DATABASE redmine CHARACTER SET utf8;
    CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'password_used_by_redmine.replicant';
    GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';
    flush privileges;
    exit

chmod 777 redmine_dump_yyyymmdd.sql  #(Optional step) ie. if mysql complains it can't import the .sql file

mysql -u root -p redmine < redmine_dump_yyyymmdd.sql

sudo service apache2 restart

3. Systematically redirect :80 to :443

I see redmine.replicant.us is hosted via Apache.

I don't know much Apache, as I always use nginx, but checking Apache's documentation, setting up such a redirect requires something like this:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName redmine.replicant.us
   Redirect permanent / https://redmine.replicant.us/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName redmine.replicant.us
   DocumentRoot /usr/local/apache2/htdocs/redmine
   SSLEngine On
# etc...
</VirtualHost>

If ever you consider switching replicant's redmine to nginx, I'd be glad to help - just let me know ;)
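
The dump rewrite from step 2 of the comment above, as an added example that is not part of the original thread or of Redmine's tooling: it upgrades only http:// links whose host is exactly www.replicant.us or redmine.replicant.us, returns per-host counts, and writes the edited dump to a new owner-only file. The function names and the sample row are assumptions made for illustration.

```python
import os
import re

# Hosts named in the issue (added example); other hosts are left untouched.
HOSTS = ("www.replicant.us", "redmine.replicant.us")

# The host must end where the match ends: no further hostname characters,
# no explicit port, no "@" (which would turn the host into userinfo).
_PATTERN = re.compile(
    r"http://(" + "|".join(re.escape(h) for h in HOSTS) + r")"
    r"(?![A-Za-z0-9-]|\.[A-Za-z0-9-]|:\d|@)",
    re.IGNORECASE,
)


def upgrade_urls(text):
    """Return (rewritten text, per-host replacement counts)."""
    counts = {h: 0 for h in HOSTS}

    def repl(match):
        counts[match.group(1).lower()] += 1
        return "https://" + match.group(1)

    return _PATTERN.sub(repl, text), counts


def rewrite_dump(src, dst):
    """Stream src into a new file dst, upgrading links line by line."""
    totals = {h: 0 for h in HOSTS}
    # surrogateescape round-trips any non-UTF-8 bytes unchanged.
    opts = {"encoding": "utf-8", "errors": "surrogateescape", "newline": ""}
    with open(src, "r", **opts) as fin:
        # O_EXCL refuses to overwrite; 0o600 keeps the dump, which contains
        # the users table with password hashes, readable by its owner only.
        fd = os.open(dst, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w", **opts) as fout:
            for line in fin:
                new_line, counts = upgrade_urls(line)
                fout.write(new_line)
                for host, n in counts.items():
                    totals[host] += n
    return totals


if __name__ == "__main__":
    # Constructed sample row, not taken from the real database.
    row = "('see http://www.replicant.us/ and http://redmine.replicant.us.example/')"
    print(upgrade_urls(row))
```

Comparing the returned counts with a grep of the original dump before importing shows whether any reference was skipped, for example one carrying an explicit port.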

#6

Updated by Kurtis Hanna over 3 years ago

  • Assignee changed from Paul Kocialkowski to Wolfgang Wiedmeyer
  • Priority changed from Normal to High

We really need to fix our TLS so that it gets A+ and then redirect everything to 443.

#7

Updated by Wolfgang Wiedmeyer over 3 years ago

URLs in the Redmine settings are switched to https. URLs are also changed in the README and CONTRIBUTORS files in vendor/replicant and the manifest repo.

The wiki should now only use local links for references to redmine.replicant.us content (except on deprecated pages) and links to the website are https. I won't change issues and forum posts, because I won't change messages from users. We don't have access to the database anyway.

I mentioned systematically redirecting http to https in the OSUOSL ticket for the new cert.
It looks like the registration page is not redirected to https, only the login page. This is another reason that a systematic redirect is necessary.

#8

Updated by Kurtis Hanna about 3 years ago

  • Status changed from New to Closed

I'm very sorry if I'm closing a ticket that shouldn't be closed, but all of our links now redirect to https, so this seems like a ticket that can be closed.

#9

Updated by Wolfgang Wiedmeyer about 3 years ago

  • % Done changed from 0 to 100
  • Resolution set to fixed
