permanent redirect to https not working properly with Thruk 2.20
André Weidemann
Hi,
I am running Thruk 2.20 on Ubuntu 16.04 as a backend to Icinga2.
After setting up Thruk and making sure it worked properly, I decided to make sure that access to the side runs over https only.
Therefore, I added a permanent redirect to the virtualhost on port 80:
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^ https://my-thruk-machine.de%{REQUEST_URI} [L,R=301]
Upon this change I was not able to log into Thruk anymore.
The following error
message was displayed upon login:
"technical problem during login, please have a look at the logfiles."
Looking into the apache2/error.log I found this:
auth: expected code 401, got 301
$VAR1 = bless( {
'_content' => '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://my-thruk-machine.de /thruk/cgi-bin/restricted.cgi">here</a>.</p>
<hr>
<address>Apache/2.4.18 (Ubuntu) Server at localhost Port 80</address>
</body></html>
',
'_headers' => bless( {
'::std_case' => {
'base' => 'Base',
'client-date' => 'Client-Date',
'client-peer' => 'Client-Peer',
'client-response-num' => 'Client-Response-Num',
'content-base' => 'Content-Base',
'title' => 'Title'
},
'client-date' => 'Tue, 05 Jun 2018 07:49:22 GMT',
'client-peer' => '127.0.0.1:80',
'client-response-num' => 1,
'connection' => 'close',
'content-length' => '344',
'content-type' => 'text/html; charset=iso-8859-1',
'date' => 'Tue, 05 Jun 2018 07:49:22 GMT',
'location' => 'https://my-thruk-machine.de /thruk/cgi-bin/restricted.cgi',
'server' => 'Apache/2.4.18 (Ubuntu)',
'title' => '301 Moved Permanently'
}, 'HTTP::Headers' ),
'_msg' => 'Moved Permanently',
I then added a RewriteCond entry...:
RewriteCond %{SERVER_PORT} !^443$
RewriteCond %{REQUEST_URI} !^/thruk/cgi-bin/restricted.cgi
RewriteRule ^ https://my-thruk-machine.de %{REQUEST_URI} [L,R=301]
so it would not redirect on calls to " thruk/cgi-bin/restricted.cgi".
I think
the cause lies in line 530 in /usr/share/thruk/lib/Thruk/Config.pm where the URL is hardcoded:
'cookie_auth_restricted_url' => 'http://localhost/thruk/cgi-bin/restricted.cgi',
Is there a more elegant way to force Thruk into https only? Since the call goes to localhost, I do not really consider it a problem. But the approach is just not straight forward.
Any help would be greatly appreciated.
Thanks a lot in advance.
With Kind Regards
André Weidemann
Sven Nierlein
there is a guide available for centos, but you should be able to adopt that to ubuntu:
https://thruk.org/documentation/faq.html#enable-https-tls-ssl-in-apache-webserver-for-thruk
Basically the only 2 commons mistakes are the missing include in the ssl vhost and you
need to update the cookie auth url.
Cheers,
Sven
> --
> You received this message because you are subscribed to the Google Groups "Thruk" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to thruk+un...@googlegroups.com <mailto:thruk+un...@googlegroups.com>.
> For more options, visit https://groups.google.com/d/optout.
Marco Musso
André Weidemann
Hi,there is a guide available for centos, but you should be able to adopt that to ubuntu:
https://thruk.org/documentation/faq.html#enable-https-tls-ssl-in-apache-webserver-for-thrukBasically the only 2 commons mistakes are the missing include in the ssl vhost and you
need to update the cookie auth url.Cheers,
Sven
I took a look at above URL.
adding "cookie_auth_restricted_url = https://localhost/thruk/cgi-bin/restricted.cgi" at the end of /etc/thruk/thruk_local.conf did the trick.
Thanks a lot.
André