Opened 5 years ago
Closed 5 years ago
#2428 closed defect (fixed)
Pages on staging.grass.osgeo.org without https
| Reported by: | neteler | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Unplanned |
| Component: | SysAdmin | Keywords: | |
| Cc: |
Description
At time the new upcoming GRASS GIS server struggles with https:
http://staging.grass.osgeo.org/ is not redirected to https
all pages on the server are without https, like http://staging.grass.osgeo.org/contribute/development/
See also original issue at https://github.com/OSGeo/grass-website/issues/26
I have no idea where that needs to be fixed..
Change History (4)
comment:1 by , 5 years ago
comment:2 by , 5 years ago
For future reference commit
https://git.osgeo.org/gitea/sac/osgeo7/commit/495143e3ff441347f0d56a4b46d15a001faea9c6
diff --git a/etc/nginx/sites-available/grass.osgeo.org b/etc/nginx/sites-available/grass.osgeo.org
index 31fd76d..03d3b83 100644
--- a/etc/nginx/sites-available/grass.osgeo.org
+++ b/etc/nginx/sites-available/grass.osgeo.org
@@ -1,7 +1,6 @@
server {
server_name staging.grass.osgeo.org;
server_name grass.osgeo.org;
- listen 80 proxy_protocol; # managed by Certbot
set_real_ip_from 140.211.15.0/24;
real_ip_header proxy_protocol;
@@ -18,10 +17,29 @@ server {
proxy_redirect off;
}
- listen 443 ssl; # managed by Certbot
+ listen 443 ssl proxy_protocol; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/staging.grass.osgeo.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/staging.grass.osgeo.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
+server {
+ if ($host = staging.grass.osgeo.org) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ if ($host = grass.osgeo.org) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+
+ server_name staging.grass.osgeo.org;
+ server_name grass.osgeo.org;
+ listen 80 proxy_protocol;
+ return 404; # managed by Certbot
+
+
+}
+
then did
nginx -t #verify config has no typos systemctl reload nginx
comment:3 by , 5 years ago
To have your logs properly log ip on apache, you can add the following lines to your sites-available/whatever-confs
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy nginx.lxd
and then in your /etc/apache2/apache2.conf you should change the %h to %a
in the LogFormat sections
This video describes it pretty well I think
comment:4 by , 5 years ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Thanks so much for your speedy support @robe, seems to work smoothly now.
Closing.
Okay I changed to force https and also added a setting I missed to add proxy_protocol for https.