Re: [omd-users] OMD & SSL

2016-12-06 Thread Chris Moody 
Sorry for the spam earlier - I was finally able to get things running
behind the second option (nginx as an https proxy).

Cheers,
-Chris

On 12/6/16 11:57 AM, Chris Moody wrote:
> Hello all.
>
> Wanted to first thank everyone for their work to streamline and
> integrate so many pieces together in such a cool package.  I'm a huge
> fan of the OMD model.  I used to have a bunch of custom routines I had
> built that were trying to accomplish some of the same goals, but this
> approach is -so- much better.
>
> I could use a hand though with what should hopefully be something
> simple that I just haven't come across in the Docs.  I need to make
> all my instances SSL only instead of just plaintext http.  Even if
> it's just the login page that's SSL, my user-base will not be
> comfortable with plaintext http logins.
>
> I've tried tinkering a bit with apache's config, but attempting
> rewrite rules in the main system 000-default.conf seem to cause other
> problems with things like the thruk login cgi.  There seems to be too
> much redirecting and linking internally to non-https URLs basically
> that some links are working where others are not.  I've not given up
> with this approach but it's definitely behaving more finicky than I
> had anticipated.
>
> ex>
> =[ Documented here: https://mathias-kettner.de/cms_omd_https.html
> RewriteEngine On
> RewriteCond %{SERVER_PORT} !^443$
> RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]
>
>
> I also attempted a quick pass at using nginx on the same host to proxy
> back all calls to the http apache daemon, but it was having troubles
> with passing frames through when proxying, so I found myself going
> down the rabbithole of disabling frames...but then also was running
> into some links not proxying correctly (the login cgi being the first
> case).  I've also not given up on this approach either but it as well
> is being a bit more finicky that I anticipated.
>
>
> Has anyone implemented a total https OMD setup (multisite)...or are
> there docs/references that give clues as to how best to accomplish this?
> Any pointers to help smooth the path would be greatly appreciated.
>
> Cheers,
> -Chris
>
>
> ___
> omd-users mailing list
> omd-users@lists.mathias-kettner.de
> http://lists.mathias-kettner.de/mailman/listinfo/omd-users



signature.asc
Description: OpenPGP digital signature
___
omd-users mailing list
omd-users@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/omd-users

[omd-users] OMD & SSL

2016-12-06 Thread Chris Moody 
Hello all.

Wanted to first thank everyone for their work to streamline and
integrate so many pieces together in such a cool package.  I'm a huge
fan of the OMD model.  I used to have a bunch of custom routines I had
built that were trying to accomplish some of the same goals, but this
approach is -so- much better.

I could use a hand though with what should hopefully be something simple
that I just haven't come across in the Docs.  I need to make all my
instances SSL only instead of just plaintext http.  Even if it's just
the login page that's SSL, my user-base will not be comfortable with
plaintext http logins.

I've tried tinkering a bit with apache's config, but attempting rewrite
rules in the main system 000-default.conf seem to cause other problems
with things like the thruk login cgi.  There seems to be too much
redirecting and linking internally to non-https URLs basically that some
links are working where others are not.  I've not given up with this
approach but it's definitely behaving more finicky than I had anticipated.

ex>
=[ Documented here: https://mathias-kettner.de/cms_omd_https.html
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}/$1 [L]


I also attempted a quick pass at using nginx on the same host to proxy
back all calls to the http apache daemon, but it was having troubles
with passing frames through when proxying, so I found myself going down
the rabbithole of disabling frames...but then also was running into some
links not proxying correctly (the login cgi being the first case).  I've
also not given up on this approach either but it as well is being a bit
more finicky that I anticipated.


Has anyone implemented a total https OMD setup (multisite)...or are
there docs/references that give clues as to how best to accomplish this?
Any pointers to help smooth the path would be greatly appreciated.

Cheers,
-Chris


signature.asc
Description: OpenPGP digital signature
___
omd-users mailing list
omd-users@lists.mathias-kettner.de
http://lists.mathias-kettner.de/mailman/listinfo/omd-users