Tutorials and How-tos/Redirect all connections over HTTPS

From BubbaWiki
Jump to: navigation, search

HTTPS allows secure communication using SSL/TLS v3. This prevents your communication from being sniffed unless the SSL certificate is intercepted.

This change will make all requests automatically go through HTTPS instead of HTTP. For example if a user types http://mybubba.com, he will automatically be
redirected to https://mybubba.com. You only need to change this to apply to all http requests. This includes remotely logging into bubba using Horde to access e-mail securely.
We assume that mod_rewrite is alredy enabled. This was tested on Bubba 2.0.4
This step is optional, but it is recommended to change the main admin page from general public and put your own page instead.

Caution
This change will make your Bubba Photo Album stop working, at least with firmware 2.4.1, and 2.4.1.1. So if you want to use the photo album, please refrain from applying these changes (for the time being).

First of all login using SSH and then enter the following command for root access:

su

Now we need to create a backup of the original index file and create a new index file. This will present a blank page when users go to http://mybubba. If they need to login to the admin interface, they need to go to http://mybubba/admin
The point is to put your own content here to the general public, such as information about the site.

cd /home/web
mv index.html index.backup
touch index.html

We create a backup of the file we need to edit:

cp /etc/apache2/sites-available/bubba bubba.backup

Now we need to edit the file:

nano /etc/apache2/sites-available/bubba

Delete all the content between the following lines, so it looks like this:

<VirtualHost *:80>
</VirtualHost>

Now add the following lines so it looks like this:

<VirtualHost *:80>

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

Now save the file and restart Apache web server. You may get a warning, just ignore it.

apache2ctl configtest
apache2ctl restart

Now all connections should be redirected automatically to port 443. Test by typing http://yourbubbaserveraddress. You may replace the SSL certificate with your own but that is beyond the scope of this tutorial.