I am running a Mojolicious app on Hypnotoad. It is listening to port 443 and it can be accessed through https.
how can I forward all HTTP request to HTTPS?
According to this post your server listen only 443 port. So you should add another application to handle 80 port.
The best way to add nginx or apache in front of hypnotoad and do it there (redirect, rewrite).
But if you don't want to have nginx, you may write Mojolicious application
which listen two ports and have hook before_dispatch wich handle all requests and make redirect changing only scheme.
If you want i may to attempt to write such minimal example.
Upd. I decide to add example
You can't, at least not directly. While you could use iptables or similar to forward port 80 to 443, in practice that wouldn't work because the browser doesn't expect to have to do an SSL handshake for a plain HTTP URI. You have to run a trivial web app on port 80 (probably with a separate Hypnotoad or similar) that answers every request with a redirect to HTTPS -- probably either to some login page or to the same URI as requested with just the scheme changed.
Related
I set up a "Redirect to SSL" on port 80 for Domino server. When I first open browser, http requests on other ports are cool, stay http. But after I hit 80 for the first time and the browser redirects to https, all other ports are redirected to https and throw 404. The port is ignored.
When clearing browse history, everything is restored until the first redirect on 80 and the above is repeated.
The default tcp/ip port is 80 so that's not explicitly specified in the url addy box, so that's probably why the browser throws a wet blanket over all the explicit ports. It's caching on the base url...?...
I've read about 301 redirects, etc. and how it's sort of a headache. Is there something I can do about this? The only recourse I see is to dump the server redirect and code an onLoad on all 80 sites which checks protocol, if http, location.href change to https. Then ask user to bookmark new https addy. This seems to not cache the redirect. Thank you very much for any help.
An unwanted redirection happens on the host server if I browsed for https it redirects me to HTTP and notices that I haven't any redirection rule to HTTP. the odd thing is that I can browse my app in https from any other device it works well, but not from the host itself. Another thing to notice is that I can bind the site to any other https port and it works well from anywhere, but I want to use the default https port.
I'm using IIS 8.
so any help on this issue?!
Some browsers are caching redirects. You need to clear your browser's cache and try again
So I have spinnaker running behind an https load balancer and my external ports use the standard 443 which get port mapped to the spinnaker instance still on port 9000. I've gotten pretty much everything to work except a redirect from gate is still appending the :9000 port to my URL.
requests sent to https://my.url.com/gate/auth/redirect?to=https://my.url.com/#/infrastructure send back a redirect response with the location header in the 301 location:https://my.url.com:9000/gate/login which fails because the load balancer is only listening for 443. If I manually delete the port and go right to https://my.url.com/gate/login the oauth flow works as expected and once authed all deck functionality and subsequent gate queries work as expected.
In my /etc/default/spinnaker file I have
SPINNAKER_DECK_BASEURL=https://my.url.com
SPINNAKER_GATE_BASEURL=https://my.url.com/gate
in /opt/spinnaker/config/gate-googleOAuth.yml I have
spring:
oauth2:
client:
preEstablishedRedirectUri: ${SPINNAKER_GATE_BASEURL}/login
useCurrentUri: false
and I've ran /opt/spinnaker/bin/reconfigure_spinnaker.sh plus restarts to make sure deck and gate get updated. Does anyone have any ideas what I might be missing?
I figured out my problem. With the help of this issue pointing me in the right direction (https://github.com/spinnaker/spinnaker/issues/1112) and some digging I found that the issue was with apache2 and the reverse proxy back to gate.
ProxyPassReverse
This directive lets Apache httpd adjust the URL in the Location, Content-Location
and URI headers on HTTP redirect responses. This is essential when Apache httpd
is used as a reverse proxy (or gateway) to avoid bypassing the reverse proxy because
of HTTP redirects on the backend servers which stay behind the reverse proxy.
from apache2 documentation https://httpd.apache.org/docs/current/mod/mod_proxy.html#proxypassreverse
I'm using a package that connects to a database and presents the database schema as APIs. The package provides the service as a webserver. I can choose to use any port, but it's still HTTP. Even if I run it with port 443, requests must be in the form of http://mydomain:443/
I may be forced to provide the service through SSL. Is it possible to run a webserver which would redirect HTTPS requests to redirect to the package running HTTP on port 80, with the outgoing traffic going back through the webserver to clients as SSL? Essentially, I need some kind of wrapper around the existing app to provide SSL.
If such a thing is possible, which webserver would be the best choice and easiest to administer on Linux?
I have a working setup using a hardware load balancer that controls redirection in such a fashion that all requests to http://example.com/login/* are redirected (using HTTP 302) to https://example.com/login/* and all requests that are NOT for /login are inversely redirected from HTTPS to HTTP.
This allows me to wrap the login functions and user/password exchange in SSL but otherwise avoid slowing connections with encryption and also solving some problems with embedded content mixed content warnings in some browsers.
The load balance, however, is end of life and I am looking for a replacement solution, preferably in software.
I think HAproxy is going to be able to serve as my load balacing solution, but I have only been able to find configuration examples and documentation for redirecting everything from HTTP to HTTPS, or vice versa.
Is it possible to do what I am proposing using HAproxy or should I look for a different solution?
I realize I will need to use the development version of HAproxy to support SSL at all.
I would suggest you do not use a DEV build for your production environment.
To answer your question, I would assume you're going to use HAProxy version 1.4:
Is it possible to do what I am proposing using HAProxy or should I look for a different solution?
Yes. It is possible but you have to use another software to handle the HTTPS traffic. Stunnel is proven to be good in this. So I'd say the setup is going to be:
HAProxy 1.4
# Redirect http://../login to https://../login
frontend HTTPSRedirect
bind 1.2.3.4:80
default_backend AppServers
redirect prefix https://www.domain.com/login if { path_beg -i /login }
# Handler for requests coming from Stunnel4.
frontend HTTPReceiver
bind 5.6.7.8:80
default_backend AppServers
Stunnel4
[https]
accept=443
connect=5.6.7.8:80 (HAProxy IP)