I thought it might be useful to document how I secure the redmine appliance. I find this useful for private setups.
It was a little messier than I thought because for some reason in the 11.3 version the apache port 80 and 443 configs point to the same file. Sometimes I want secure-only access, sometimes both. It would be nice to have these separated, as that makes it easier to redirect the secure traffic.
1. copy /etc/apache2/conf/railsapp.conf to /etc/apache2/conf/railsapp_80.conf
2. Edit /etc/apache2/sites-available/railsapp, change the virtualhost *:80 include from
/etc/apache2/conf/railsapp.conf
to
/etc/apache2/conf/railsapp_80.conf
This makes it nice in webmin, as it will now distinguish the virtual servers. You can make the changes in /etc/apache2/sites-available/railsapp.
If you want redmine to be secure only,
3. edit /etc/apache2/conf/railsapp_80.conf
After the line
RewriteEngine on
Add
# force http to https
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]
save the file and restart apache.
I've used this on a number of private setups, and it works.
Thank you TurnkeyLinux - I really like your appliance model.
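A check for the procedure above, as an added example that is not part of the original post: it confirms that the *:80 virtual host includes railsapp_80.conf, that *:443 still includes railsapp.conf, and that the port 80 file carries the redirect after RewriteEngine on. The function names are made up for this example, and the sample files it writes are constructed, assuming one Include line per VirtualHost block.

```shell
#!/bin/sh
# Added example. The file layout in make_sample is constructed, not copied from the appliance.

# Print the Include path found inside <VirtualHost *:PORT> of FILE.
vhost_include() {
    awk -v port="$2" '
        tolower($1) == "<virtualhost"   { in_vh = ($2 == ("*:" port ">")) }
        tolower($1) == "</virtualhost>" { in_vh = 0 }
        in_vh && tolower($1) == "include" { print $2; exit }
    ' "$1"
}

# Succeed if FILE enables the rewrite engine and then forces http to https.
has_forced_https() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "rewriteengine" && tolower($2) == "on" { engine = 1; next }
        engine && $1 == "RewriteCond" && $2 == "%{SERVER_PORT}" && $3 == "!^443$" { cond = 1; next }
        cond && $1 == "RewriteRule" {            # a RewriteCond applies only to the next rule
            if ($3 ~ /^https:\/\// && $4 ~ /R=(permanent|301)/) ok = 1
            cond = 0
        }
        END { exit !ok }
    ' "$1"
}

# check_secure_only SITES_FILE CONF_DIR: verify the split and the redirect.
check_secure_only() {
    inc80=$(vhost_include "$1" 80)
    inc443=$(vhost_include "$1" 443)
    [ "${inc80##*/}" = "railsapp_80.conf" ] || { echo "FAIL: *:80 includes '$inc80'"; return 1; }
    [ "${inc443##*/}" = "railsapp.conf" ]   || { echo "FAIL: *:443 includes '$inc443'"; return 1; }
    has_forced_https "$2/railsapp_80.conf"  || { echo "FAIL: no http to https redirect"; return 1; }
    echo "OK: port 80 only redirects to https"
}

# Constructed sample of the edited files, written under DIR for an offline run.
make_sample() {
    mkdir -p "$1/conf"
    printf '%s\n' '<VirtualHost *:80>' "  Include $1/conf/railsapp_80.conf" '</VirtualHost>' \
        '<VirtualHost *:443>' '  SSLEngine on' "  Include $1/conf/railsapp.conf" '</VirtualHost>' > "$1/railsapp"
    printf '%s\n' 'RewriteEngine on' > "$1/conf/railsapp.conf"
    printf '%s\n' 'RewriteEngine on' '# force http to https' 'RewriteCond %{SERVER_PORT} !^443$' \
        'RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R=permanent]' > "$1/conf/railsapp_80.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp" && check_secure_only "$tmp/railsapp" "$tmp/conf"
rm -rf "$tmp"
```

On the appliance itself the call would be check_secure_only /etc/apache2/sites-available/railsapp /etc/apache2/conf, run after the edits and before restarting apache.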