
I thought it might be useful to document how I secure the redmine appliance. I find this useful for private setups.

It was a little messier than I thought because for some reason in the 11.3 version the apache port 80 and 443 configs point to the same file. Sometimes I want secure only access, sometimes both. It would be nice to have these separated, as that makes it easier to redirect the secure traffic.

1. copy /etc/apache2/conf/railsapp.conf to /etc/apache2/conf/railsapp_80.conf

2. Edit /etc/apache2/sites-available/railsapp, change the virtualhost *:80 include from
  /etc/apache2/conf/railsapp.conf
to
  /etc/apache2/conf/railsapp_80.conf

This makes it nice in webmin, as it will now distinguish the virtual servers. You can make the changes in /etc/apache2/sites-available/railsapp.

If you want redmine to be secure only,

3. edit /etc/apache2/conf/railsapp_80.conf

After the line
  RewriteEngine on
Add

  # force http to https
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]

save the file and restart apache.

I've used this on a number of private setups, and it works.

Thank you TurnkeyLinux - I really like your appliance model.
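
A way to confirm the redirect from step 3 is in effect after the restart, as an added example that is not part of the original post: the function checks that a port 80 response is a 301 (what `R=permanent` produces) whose `Location` is the same path on https. The function name `check_redirect`, the host `redmine.example.test` and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the response headers of a plain-http request
# against what the rewrite rule in railsapp_80.conf should produce.
# Live use (curl -sI sends a HEAD request and prints only the headers):
#   check_redirect "$(curl -sI http://HOST/PATH)" HOST /PATH

# check_redirect HEADERS HOST PATH
# Returns 0 only if the status is 301 and Location is https://HOST/PATH.
check_redirect() {
    headers=$(printf '%s\n' "$1" | tr -d '\r')   # strip CRs from the wire format
    host=$2
    path=$3
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    if [ "$status" != "301" ]; then
        echo "FAIL: status ${status:-none}, expected 301 (port 80 may still serve content)"
        return 1
    fi
    case $location in
        "https://$host$path") echo "OK: $location"; return 0 ;;
        *) echo "FAIL: Location '$location' is not https://$host$path"; return 1 ;;
    esac
}

# Constructed sample responses (not captured from a real appliance).
SAMPLE_GOOD='HTTP/1.1 301 Moved Permanently
Server: Apache
Location: https://redmine.example.test/projects/demo
Content-Type: text/html'

# Port 80 vhost still includes the shared railsapp.conf: content served in clear.
SAMPLE_PLAIN='HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html'

# Redirect exists but is temporary and stays on http.
SAMPLE_WRONG='HTTP/1.1 302 Found
Location: http://redmine.example.test/login'

check_redirect "$SAMPLE_GOOD"  redmine.example.test /projects/demo || true
check_redirect "$SAMPLE_PLAIN" redmine.example.test /projects/demo || true
check_redirect "$SAMPLE_WRONG" redmine.example.test /projects/demo || true
```
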
