HTTPS configuration redirects to HTTP pages

Léo HARDY

May 25, 2023, 5:08:34 AM
to xnat_discussion
Hi,

I would like to secure my XNAT instance with TLS encryption.
I have XNAT running with docker compose from the dependency-mgmt-branch, running with version 1.8.3.

I have created a certificate and a private key with openssl:
openssl req -x509 -nodes -newkey rsa:4096 -keyout privkey.pem -out cert.pem -sha256 -days 3650 -subj '/CN=server'

I've modified the docker-compose.yml file as follows:

diff --git a/server/thera_data/xnat-docker-compose/docker-compose.yml b/server/thera_data/xnat-docker-compose/docker-compose.yml
index b381fc307..de12aa6c5 100644
--- a/server/thera_data/xnat-docker-compose/docker-compose.yml
+++ b/server/thera_data/xnat-docker-compose/docker-compose.yml
@@ -8,15 +8,18 @@ services:
     networks:
       - xnat-services
     command:
-      - --entrypoints.web.address=:80
+      - --entrypoints.web.http.redirections.entryPoint.scheme=https
       - --providers.docker=true
     ports:
       - "80:80"
+      - "443:443"
       - "8080:8080"
     volumes:
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - ./traefik/config/traefik.yml:/etc/traefik/traefik.yml
       - ./traefik-data/logs:/var/log
+      - /opt/xnat/app_data/certs:/etc/traefik/certs
     labels:
       - "traefik.enable=true"
       - "traefik.http.middlewares.strip-routes.stripprefix.prefixes=/pacs"
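Review bot: The added `--entrypoints.web.http.redirections.entryPoint.scheme=https` flag sets only the scheme and has no matching `--entrypoints.web.http.redirections.entryPoint.to=websecure`, and it replaces `--entrypoints.web.address=:80` while this service still mounts `./traefik/config/traefik.yml`. Traefik treats the configuration file, CLI flags and environment variables as mutually exclusive sources of static configuration, so define the entry points and the redirection in one place only, with both `to` and `scheme` set. The new `/opt/xnat/app_data/certs:/etc/traefik/certs` mount contains the private key and should be `:ro`, like the docker.sock mount above it.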
@@ -27,6 +30,8 @@ services:
       - "traefik.http.routers.traefik_dash.rule=PathPrefix(`/dashboard`)"
       - "traefik.http.routers.traefik_dash.middlewares=service-redirect@docker,strip-routes@docker"
       - "traefik.http.services.traefik_dash.loadbalancer.server.port=8080"
+      - "traefik.http.routers.xnat-web-secure.entrypoints=websecure"
+      - "traefik.http.routers.xnat-web-secure.tls=true"
 
   xnat-web:
     container_name: xnat-web
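Review bot: The two `xnat-web-secure` labels land in the label list of the service that precedes `xnat-web:` (the one carrying the `traefik_dash` router), and no `rule` label for that router is visible in the diff, so the router is declared on the wrong container and does not use the `PathPrefix` rule that routes to XNAT. Move them under the `xnat-web` service together with a rule, or drop them and put `entrypoints=websecure` on the existing `xnat-web` router instead.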
@@ -62,6 +67,7 @@ services:
     labels:
       - "traefik.http.routers.xnat-web.rule=PathPrefix(`/`)"
       - "traefik.http.services.xnat-web.loadbalancer.server.port=8080"
+      - "traefik.http.routers.xnat-web.tls=true"
     volumes:
       - ./xnat-data/archive:/data/xnat/archive
       - ./xnat-data/build:/data/xnat/build
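Review bot: `traefik.http.routers.xnat-web.tls=true` is added without an `entrypoints` label, so the router is not pinned to `websecure`. A router with `tls` set only serves HTTPS requests, which means plain HTTP on port 80 no longer reaches XNAT through it and depends entirely on an entry-point redirect; add `traefik.http.routers.xnat-web.entrypoints=websecure` here to make that explicit.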

and the traefik/config/traefik.yml file as follows:

diff --git a/server/thera_data/xnat-docker-compose/traefik/config/traefik.yml b/server/thera_data/xnat-docker-compose/traefik/config/traefik.yml
index 3446a96e2..37b636b38 100644
--- a/server/thera_data/xnat-docker-compose/traefik/config/traefik.yml
+++ b/server/thera_data/xnat-docker-compose/traefik/config/traefik.yml
@@ -11,9 +11,27 @@ api:
   insecure: true
 
 log:
-  level: INFO
+  level: DEBUG
   filePath: "/var/log/traefik.log"
 
 accessLog:
   filePath: "/var/log/access.log"
 
+entryPoints:
+  web:
+    address: ":80"
+  websecure:
+    address: ":443"
+
+tls:
+  certificates:
+    - certFile: "/etc/traefik/certs/cert.pem"
+      keyFile: "/etc/traefik/certs/privkey.pem"
+      stores:
+        - default
+
+stores:
+  default:
+    defaultCertificate:
+      certFile: "/etc/traefik/certs/cert.pem"
+      keyFile: "/etc/traefik/certs/privkey.pem"
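Review bot: `stores:` is added as a top-level key, but Traefik expects certificate stores under `tls.stores`, and the `tls.certificates` and `tls.stores` options belong to the dynamic configuration (a file loaded by the file provider), not to the static `traefik.yml` that this file is mounted as. Move the whole `tls:` block into a dynamic configuration file and nest `stores` inside it. The `web` entry point added here has no `http.redirections` block, so port 80 is not upgraded to 443, and `level: DEBUG` should go back to `INFO` once debugging is done.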


Now, when I connect to https://server (on which I should access my XNAT, as I've not changed the Tomcat ROOT.war):
 - I get redirected to http:///server/app/template/Login.vm (! not https)
 - I can manually change the URL to https:///server/app/template/Login.vm and connect normally
 - then I get redirected to http://server (! not https)
 - if I manually force https://server, I have my normal XNAT home page with my projects and everything works fine from this point

But I would really like to find a way so that users don't have to change http to https manually twice before connecting.

Would anyone have an idea of what's happening here?
Any help will be much appreciated, thanks in advance,

Léo

Léo HARDY

May 25, 2023, 10:12:21 AM
to xnat_discussion
It finally worked by adding this to the traefik.yml

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
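
Added example, not part of the original thread: a small check that walks a redirect chain captured with `curl -skIL https://server/` (`-k` because the certificate is self-signed) and reports every hop where an https request is answered with an http `Location`, the symptom described in the first post. The header dump is constructed to mirror that description, and the function names are illustrative.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample shaped like `curl -skIL https://server/` output; the hops
# mirror the behaviour described in the post, not a real capture.
SAMPLE_HEADERS = """\
HTTP/1.1 302 Found
Location: http://server/app/template/Login.vm

HTTP/1.1 301 Moved Permanently
Location: https://server/app/template/Login.vm

HTTP/1.1 200 OK
Content-Type: text/html
"""


def parse_hops(start_url, raw):
    """Return [(request_url, status, resolved_location_or_None), ...]."""
    hops, url = [], start_url
    for block in raw.replace("\r\n", "\n").strip().split("\n\n"):
        lines = block.strip().split("\n")
        status = int(lines[0].split()[1])  # "HTTP/1.1 302 Found" -> 302
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        location = headers.get("location")
        # Location may be relative; resolve it against the URL just requested.
        target = urljoin(url, location) if location else None
        hops.append((url, status, target))
        if target is None:
            break
        url = target
    return hops


def find_downgrades(hops):
    """Hops where an https:// request was answered with an http:// Location."""
    return [
        (src, dst) for src, _status, dst in hops
        if dst and urlsplit(src).scheme == "https" and urlsplit(dst).scheme == "http"
    ]


if __name__ == "__main__":
    for src, dst in find_downgrades(parse_hops("https://server/", SAMPLE_HEADERS)):
        print(f"DOWNGRADE {src} -> {dst}")
```

A port-80 redirect sends such hops back to HTTPS, but the plain-HTTP request is still made in between, so they still show up in this report.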