Force https

Discussion in 'Feature Requests' started by cfoe, Mar 30, 2012.

  1. cfoe

    cfoe Member

    Hi ISPConfig Devs,

    I am currently in the re-customization phase after the latest ISPConfig 3 Update.

    I am using a .htaccess file to enforce SSL on the subdomain of the control-panel. For me this is not the most elegant way of solving the problem.
    Roundcube has a nice variable called "force_https". If it is true ssl is enforced.

    The implementation in the index.php (of Roundcube 0.8 beta):

    Code:
    // check if https is required (for login) and redirect if necessary
    if (empty($_SESSION['user_id']) && ($force_https = $RCMAIL->config->get('force_https', false))) {
      $https_port = is_bool($force_https) ? 443 : $force_https;
      if (!rcube_https_check($https_port)) {
        $host  = preg_replace('/:[0-9]+$/', '', $_SERVER['HTTP_HOST']);
        $host .= ($https_port != 443 ? ':' . $https_port : '');
        header('Location: https://' . $host . $_SERVER['REQUEST_URI']);
        exit;
      }
    }
    This way it would work "out-of-the-box" without .htaccess file in Apache and nginx.
    I hope this could be taken into consideration for the next minor release.

    Feature Request: http://bugtracker.ispconfig.org/index.php?do=details&task_id=215

    Greatings from Germany,
    Christian
     
    Last edited: Mar 30, 2012
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    Roundcube and its code is not part of ispconfig. So if you need a change in the roundcuvbe index file, then you might want to post your feature request in the roundcube bugtracker,
     
  3. cfoe

    cfoe Member

    The Code is just an example for inspiration for ISPConfig. It is the implementation of Roundcube.
    I just wanted to emphasize how it could be done independently from the used webserver.
     
  4. wichu

    wichu New Member

    I would rather suggest that an option would be implemented into the user-interface to force SSL with this statement in the vhost-file:

    Code:
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
     
  5. cfoe

    cfoe Member

    Your solution is not bad for Apache. Do you have the rules for nginx?
    With the info the feature might be half done.
    Integration should be easy. For an experienced dev like the ispc folks
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    The problem is that neither the php code nor the apache rewrite rule will work for this purpose on a ispconfig setup. The reason is that the ispconfig controlpanel uses port based ssl and that ispconfig is not installed into a website like a webmail client like roundcube. ISPconfig runs on a dedicated port like 8080 and this port supports either ssl or plain http but not both. So you can only connect to ispconfig with ssl or without ssl, switching between ssl and non ssl with a rewrite rule or php code will not work as there is no option to switch to.

    Switching to ssl can only work if you installed ispconfig on a dedicated IP address on port 443 and when port 80 on the same IP address is enabled as well. But that not the case in any default install as most poeple dont have any spare dedicated IPv4 adresses that they want to use for the controlpanel only without hosting any websites on it.
     
  7. wichu

    wichu New Member

  8. cfoe

    cfoe Member

  9. wichu

    wichu New Member

    I'm hosting my ISPConfig Admin-Panel through the webserver (a separate instance of ISPConfig) on Apache and through the mod_proxy module.

    It is a bit complicated, but it works.
     
  10. cfoe

    cfoe Member

    You are totally right. I did not thing about the 8080 port-config of the default install.
    I use ISCP on a server on port 80+443 on an IPv4 but the IP is still usable for other domains via port 80. No problem there
     

Share This Page