From 5e4a0f0a38c844a81513f1e6e093e3add4a8e661 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Thu, 20 Jan 2022 13:46:45 -0800 Subject: [PATCH] cockpit: Explicitly redirect to HTTPS as needed for WebSockets Cockpit uses WebSockets which won't work without HTTPS. For .onion domains, we are not explicitly redirecting to HTTPS since TLS is not necessary. Ensure that Cockpit continues to work with .onion domains by explicitly redirecting to HTTPS. Tests: - Without the patch, on a normal/Onion domain run curl -kv http://{DOMAIN}/_cockpit/. Redirection does not happen. - With the patch, on a normal/Onion domain run curl -kv http://{DOMAIN}/_cockpit/. Redirection happen to https:// occurs. - Redirection is a with HTTP status code 302, the temporary redirection code. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- .../data/etc/apache2/conf-available/cockpit-freedombox.conf | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf b/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf index 001c2537f..495037bbe 100644 --- a/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf +++ b/plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf @@ -8,6 +8,12 @@ ## mod_proxy_wstunnel ## + # Redirect to HTTPS in case of not already using it. This can happen since + # we don't redirect for .onion domains. + RewriteEngine on + ReWriteCond %{HTTPS} !=on + RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L] + ProxyPass http://localhost:9090/_cockpit/