[BlueOnyx:26309] BlueOnyx 5209R/5210R/5211R: Force Vsite HTTP traffic to HTTPS

Michael Stauber mstauber at blueonyx.it
Wed Jun 21 01:42:42 -05 2023


Hi all,

Earlier today Ken Hohhof asked about forcing all HTTP traffic to HTTPS 
on a 5208R and it got me thinking: In this day and age this is actually 
something the GUI should do for us.

However, a .htaccess with ...

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

... in it will only work well if Nginx isn't used as SSL proxy. Which is 
a configurable GUI option on all modern BlueOnyx. If Nginx *is* used as 
SSL proxy? Then the .htaccess needs to use this instead:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Otherwise Nginx and Apache play flipper with the HTTP request and enter 
an (almost) endless loop.

And even then: .htaccess might not be allowed on the server in the first 
place. So ... let's do this properly and inside the <VirtualHost> 
container instead.

On BlueOnyx 5209R, 5210R and 5211R I therefore now added "Force HTTPS" 
as a configurable GUI option. You can find it under "Site Management" / 
<Vsite> / SSL as shown in the screenshot below.

It will take into account if you're using Nginx as SSL proxy or not and 
will set the correct RewriteCond and RewriteRule directly into the 
<VirtualHost> container of the Vsite. Therefore you don't need an 
.htaccess file in /web of the Vsite for this anymore.

Naturally: You can only tick this checkbox if you're "admin" (or a 
server-admin with sufficient privileges) and if the Vsite has SSL 
enabled in the first place.

This new feature was sponsored by Ken Hohhof and is now available as a YUM 
update for BlueOnyx 5209R/5210R/5211R. Many thanks, Ken!

-- 
With best regards

Michael Stauber
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Force_HTTPS.png
Type: image/png
Size: 143100 bytes
Desc: not available
URL: <http://mail.blueonyx.it/pipermail/blueonyx/attachments/20230621/70cbe821/attachment.png>
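
Added example (not part of the original post and not BlueOnyx code): a small Python model of the redirect decision for the two RewriteCond variants above, showing which combinations end in a loop. It assumes Nginx terminates TLS and forwards to Apache over plain HTTP with "X-Forwarded-Proto: https", and that all other requests reach Apache directly without that header; all function names are hypothetical.

```python
# Constructed model of the redirect decision; not BlueOnyx, Apache or Nginx code.
MAX_HOPS = 10  # stand-in for a browser's redirect limit


def rule_https_off(backend_tls, headers):
    # RewriteCond %{HTTPS} off: true when Apache's own connection is not TLS
    return not backend_tls


def rule_forwarded_proto(backend_tls, headers):
    # RewriteCond %{HTTP:X-Forwarded-Proto} !https: true when the header
    # does not contain "https" (an absent header expands to an empty string)
    return "https" not in headers.get("X-Forwarded-Proto", "")


def apache_sees(client_scheme, nginx_ssl_proxy):
    """Return (backend_tls, headers) for the request as it arrives at Apache."""
    if client_scheme == "https" and nginx_ssl_proxy:
        # Assumption: Nginx terminates TLS, forwards plain HTTP, sets the header.
        return False, {"X-Forwarded-Proto": "https"}
    # Assumption: everything else reaches Apache directly, without the header.
    return client_scheme == "https", {}


def follow(start_scheme, rule, nginx_ssl_proxy):
    """Follow 301s from start_scheme; return (redirects, 'served' or 'loop')."""
    scheme, redirects = start_scheme, 0
    while redirects < MAX_HOPS:
        backend_tls, headers = apache_sees(scheme, nginx_ssl_proxy)
        if not rule(backend_tls, headers):
            return redirects, "served"
        scheme = "https"  # the RewriteRule target is always https://
        redirects += 1
    return redirects, "loop"


if __name__ == "__main__":
    for name, rule in (("%{HTTPS} off", rule_https_off),
                       ("X-Forwarded-Proto !https", rule_forwarded_proto)):
        for proxy in (False, True):
            for scheme in ("http", "https"):
                print(f"{name:26} nginx_proxy={proxy!s:5} start={scheme:5} "
                      f"-> {follow(scheme, rule, proxy)}")
```

In this model each rule is correct for only one deployment: the %{HTTPS} rule loops behind the Nginx SSL proxy, and the X-Forwarded-Proto rule loops when Apache serves TLS itself, so the rule has to match the proxy setting.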

