digest auth over ssl

Hi all :-)

I've configured apache2 to redirect a virtual host (munin) from http to
https; I have something like this:

cat /etc/apache2/site-enabled/default

[...]
# 20140619 - munin redirect http to https
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/munin/.*
RewriteRule ^(.*)$ https://server1.example.com/$1 [R,L]
[...]

munin has its default config

cat /etc/apache2/site-enabled/munin

Alias /munin /var/cache/munin/www
<Directory /var/cache/munin/www>
        Order allow,deny
        Allow from all ::1
        Options None
        AuthUserFile /etc/munin/munin-pass
        AuthName "server1.example.com"
        AuthType Digest
        require valid-user
    <IfModule mod_expires.c>
        ExpiresActive On
        ExpiresDefault M310
    </IfModule>
</Directory>

So, when I try to connect (using chrome) to
http://server1.example.com/munin, the browser immediately asks me for a
username and password (I'm connected using http). After I insert my
credentials, the browser warns me about an untrusted certificate (that's
OK: I don't have a trusted certificate). When I force it to connect using
https I need to re-insert the username and password, and only then can I
see the munin page.

Now, when I insert the user and password (the first time), can those
credentials be intercepted? Or am I inside the SSL tunnel?

If not, how can I configure either a (secure) redirect from
http://server1.example.com/munin to https://server1.example.com/munin, or
start only using https://server1.example.com/munin?

thanks for help!

Pol
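
The redirect-before-authentication layout asked about above, as an added example that is not part of the original post: the posted `RewriteCond %{REQUEST_URI} ^/munin/.*` requires a trailing slash, so a request for `/munin` is not redirected on port 80. The example assumes Apache 2.2-style directives as in the post, a separate port-443 virtual host, and placeholder certificate paths.

```apache
# Added example, not the poster's configuration.
# Assumptions: mod_alias, mod_ssl and mod_auth_digest are loaded, and the
# certificate paths below are placeholders.

# Port 80 does nothing for /munin except redirect. Redirect matches
# /munin itself and every path below it, with or without a trailing slash,
# and is applied before any Alias, so no Digest challenge is sent over HTTP.
<VirtualHost *:80>
    ServerName server1.example.com
    Redirect permanent /munin https://server1.example.com/munin
</VirtualHost>

# The protected content is mapped only inside the HTTPS virtual host.
<VirtualHost *:443>
    ServerName server1.example.com
    SSLEngine on
    # Placeholder paths
    SSLCertificateFile    /path/to/server1.crt
    SSLCertificateKeyFile /path/to/server1.key

    Alias /munin /var/cache/munin/www
    <Directory /var/cache/munin/www>
        # Second guard: forbid access to this directory unless the
        # request arrived over SSL/TLS.
        SSLRequireSSL
        Order allow,deny
        Allow from all
        Options None
        AuthType Digest
        AuthName "server1.example.com"
        AuthUserFile /etc/munin/munin-pass
        Require valid-user
    </Directory>
</VirtualHost>
```

With this in place, `curl -sI http://server1.example.com/munin` should return a 301 whose `Location` header starts with `https://` and no `WWW-Authenticate` header.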
