seems like http to https redirect is not working

[may17]

• operating system OSX
• docker version 18.03.0-ce
• docker-compose version version 1.20.1, build 5d8c71b

First of all thanks a lot for the new https feature.

I`ve got one troubleshoot atm. It seems like the redirect from http to https is not working. I could open http://myproject.loc and https://myproject.loc and both are working. Shouldn`t been http://myproject.loc redirected to https://myproject.loc?

I am using HTTPD_SERVER nginx-stable with the default nginx template.

[cytopia]

The default is to have both, http and https.

A redirect can however be accomplished by setting:

      - MAIN_VHOST_SSL_TYPE=both

to

      - MAIN_VHOST_SSL_TYPE=redir

in docker-compose.yml

It is not yet a configurable variable in .env as it was not yet properly tested. Feel free to report back here how that works.

[may17]

Thank you for your fast response. I`ve changed the MAIN_VHOST_SSL_TYPE to redir but it has no effect. The "problem" still exists.

If i changed it to redirect (Just to test if changes are reconized) the log shows me an error after running docker-compose up as expected.

[ERR] Invalid value for $MAIN_VHOST_SSL_TYPE: 'redirect'. Allowed: plain, ssl, both or redir

[cytopia]

It should be redir, not redirect

[cytopia]

There are actually two places:

      - MAIN_VHOST_SSL_TYPE=redir
      - MASS_VHOST_SSL_TYPE=redir

[may17]

I`ve added redir to MAIN_VHOST_SSL_TYPE and MASS_VHOST_SSL_TYPE but it is still not redirecting.

[cytopia]

It does work fine for me. What is the output of docker logs after applying the above settings?

[cytopia]

@may17 is this still an issue for you?

[cytopia]

This issue will be closed due to staleness.

Add required information in order to have it re-opened.

[iKlsR]

This isn't working for me either. Win 10 1903. Latest master. .env is basically stock sans the IDs.

[nicolabeghin]

I confirm the same issue, by setting both MAIN_VHOST_SSL_TYPE and MASS_VHOST_SSL_TYPE to redir no automatic redirect happens from HTTP to HTTPS. I'm on stock (updated) devilbox, apache-2.4 and php-fpm

Generated vhost /etc/httpd/vhost.d/sia.conf in httpd container is missing the redirect option part

<VirtualHost *:443>
    ServerName sia.loc
    Protocols  h2 http/1.1

    CustomLog  "/var/log/apache-2.4/sia_ssl-access.log" combined
    ErrorLog   "/var/log/apache-2.4/sia_ssl-error.log"


    SSLEngine on
    SSLCertificateFile    "/etc/httpd/cert/mass/sia.loc.crt"
    SSLCertificateKeyFile "/etc/httpd/cert/mass/sia.loc.key"
    SSLProtocol           TLSv1 TLSv1.1 TLSv1.2
    SSLHonorCipherOrder   on
    SSLCipherSuite        HIGH:!aNULL:!MD5

    # Define the vhost to serve files
    DocumentRoot "/shared/httpd/sia/htdocs"
    <Directory "/shared/httpd/sia/htdocs">
        DirectoryIndex index.php index.html index.htm

        AllowOverride All
        Options All

        RewriteEngine on
        RewriteBase /

        Order allow,deny
        Allow from all
        Require all granted
    </Directory>


    # In case for PHP-FPM 5.2 compatibility use 'GENERIC' instead of 'FPM'
    # https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#proxyfcgibackendtype
    ProxyFCGIBackendType FPM

    # PHP-FPM Definition
    <FilesMatch \.php$>
        Require all granted
        SetHandler proxy:fcgi://php:9000
    </FilesMatch>

    <Proxy "fcgi://php:9000/">
        ProxySet timeout=180
        ProxySet connectiontimeout=180
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    # Alias Definition
    Alias "/devilbox-api/" "/var/www/default/api/devilbox-api/"
    <Location "/devilbox-api/">
        # Allow cross domain request from these hosts
        SetEnvIf Origin "http(s)?://(.*)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "0"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
    <Directory "/var/www/default/api/devilbox-api/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    # Deny Definition
    <FilesMatch "/\.git">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Deny Definition
    <FilesMatch "/\.ht.*">
        Order allow,deny
        Deny from all
    </FilesMatch>


    # Custom directives

</VirtualHost>
<VirtualHost *:80>
    ServerName sia.loc
    Protocols  http/1.1

    CustomLog  "/var/log/apache-2.4/sia-access.log" combined
    ErrorLog   "/var/log/apache-2.4/sia-error.log"



    # Define the vhost to serve files
    DocumentRoot "/shared/httpd/sia/htdocs"
    <Directory "/shared/httpd/sia/htdocs">
        DirectoryIndex index.php index.html index.htm

        AllowOverride All
        Options All

        RewriteEngine on
        RewriteBase /

        Order allow,deny
        Allow from all
        Require all granted
    </Directory>


    # In case for PHP-FPM 5.2 compatibility use 'GENERIC' instead of 'FPM'
    # https://httpd.apache.org/docs/2.4/mod/mod_proxy_fcgi.html#proxyfcgibackendtype
    ProxyFCGIBackendType FPM

    # PHP-FPM Definition
    <FilesMatch \.php$>
        Require all granted
        SetHandler proxy:fcgi://php:9000
    </FilesMatch>

    <Proxy "fcgi://php:9000/">
        ProxySet timeout=180
        ProxySet connectiontimeout=180
    </Proxy>

    # If the php file doesn't exist, disable the proxy handler.
    # This will allow .htaccess rewrite rules to work and
    # the client will see the default 404 page of Apache
    RewriteCond %{REQUEST_FILENAME} \.php$
    RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
    RewriteRule (.*) - [H=text/html]

    # Alias Definition
    Alias "/devilbox-api/" "/var/www/default/api/devilbox-api/"
    <Location "/devilbox-api/">
        # Allow cross domain request from these hosts
        SetEnvIf Origin "http(s)?://(.*)$" AccessControlAllowOrigin=$0
        Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
        Header always set Access-Control-Allow-Methods "POST, GET, OPTIONS, DELETE, PUT"
        Header always set Access-Control-Max-Age "0"
        Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token"
        # Added a rewrite to respond with a 200 SUCCESS on every OPTIONS request.
        RewriteEngine On
        RewriteCond %{REQUEST_METHOD} OPTIONS
        RewriteRule ^(.*)$ $1 [R=200,L]
    </Location>
    <Directory "/var/www/default/api/devilbox-api/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>

    # Deny Definition
    <FilesMatch "/\.git">
        Order allow,deny
        Deny from all
    </FilesMatch>

    # Deny Definition
    <FilesMatch "/\.ht.*">
        Order allow,deny
        Deny from all
    </FilesMatch>


    # Custom directives

</VirtualHost>

Would like to be able to help more and debug the vgen generation somehow but as of right now I have no clue where to start!

[cytopia]

Re-opening, will have a closer look at vhost-gen.

[nicolabeghin]

Any news on this? I would like to help, if some hint can be provided!

[cytopia]

It does work on the intranet with MAIN_VHOST_SSL_TYPE=redir. However it does not work on the projects via MASS_VHOST_SSL_TYPE=redir. I am still troubleshooting this.

[nicolabeghin]

saw the commit, great work @cytopia, kudos!!!

[cytopia]

Now fixed in v1.4.0

[cytopia]

Now it is configurable via .env