> On 27 Mar 2016, at 16:30, Sylvain Munaut <[email protected]> wrote:
>
>> this is now in place and the old domains are now using X509 certs of
>> letsencrypt.
>
> Do you know if redmine supports going to HTTPS only (i.e. redir http
> to https). I changed the "protocol" to HTTPS in the admin panel but
> that had no effect afaict.
I don't know.
> I would prefer to be HTTPS only and also have the session cookie have
> the "Secure" flag (so they're never sent over plain HTTP)
I added:
proxy_set_header X-Forwarded-Ssl on;
to the nginx config in the hope that redmine makes use of that instead of the
X-Forwarded-Proto. If it matters to you deeply we can make a general http ->
https redirect.
holger
