nik/FreedomBox
1
0
Fork 0
mirror of https://github.com/freedombox/FreedomBox.git synced 2026-05-20 10:34:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

cockpit: Explicitly redirect to HTTPS as needed for WebSockets

Browse Source 
Cockpit uses WebSockets which won't work without HTTPS. For .onion domains, we
are not explicitly redirecting to HTTPS since TLS is not necessary. Ensure that
Cockpit continues to work with .onion domains by explicitly redirecting to
HTTPS.

Tests:

- Without the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection does not happen.

- With the patch, on a normal/Onion domain run curl -kv
http://{DOMAIN}/_cockpit/. Redirection happen to https:// occurs.

- Redirection is a with HTTP status code 302, the temporary redirection code.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This commit is contained in:
Sunil Mohan Adapa 2022-01-20 13:46:45 -08:00 committed by James Valleroy
parent a1521e5d0a
commit 5e4a0f0a38
No known key found for this signature in database
GPG Key ID: 77C0C75E7B650808
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plinth/modules/cockpit/data/etc/apache2/conf-available/cockpit-freedombox.conf
View File

@ -8,6 +8,12 @@
## mod_proxy_wstunnel ## mod_proxy_wstunnel
## ##
<Location /_cockpit/> <Location /_cockpit/>
# Redirect to HTTPS in case of not already using it. This can happen since
# we don't redirect for .onion domains.
RewriteEngine on
ReWriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
ProxyPass http://localhost:9090/_cockpit/ ProxyPass http://localhost:9090/_cockpit/
</Location> </Location>