Enhancement #572

closed

HTTPS for All

Added by Marc Dequènes almost 7 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
High
Category:
Service :: Web
Start date:
2017-06-25
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
No
Branch:
Entity:
DuckCorp
Security:
Yes
Help Needed:

Description

For security reasons (some sites may have auth, like user-managed sites), and privacy reasons, all websites should have a redirect to HTTPS. We should also activate HSTS (but this would be handled in #571).

These sites do not have TLS at all:

./andesi/dpt.andesi.org
./andesi/guide.andesi.org
./arnau/photos.mini-dweeb.org
./arnau/wotomae.debian.net
./arnau/www.mini-dweeb.org
./clawfire/www.clawfire.net
./damien/alt.oxmoz.eu
./damien/debian.fensalir.fr
./damien/dleone.fensalir.fr
./damien/www.aldaaron.fr
./damien/www.fensalir.fr
./duck/cdbs-doc.duckcorp.org
./duckcorp/ca.duckcorp.org
./duckcorp/coin-diff.duckcorp.org
./duckcorp/dico.duckcorp.org
./duckcorp/doc.duckcorp.org
./duckcorp/photos-ng.duckcorp.org
./duckcorp/smokeping.duckcorp.org
./duck/jdr.duckcorp.org
./finger/mushdoom.lespotos.com
./finger/pyro.lespotos.com
./finger/www.clan-hnk.com
./finger/www.lespotos.com
./georgesleyeti/albums.georgesleyeti.fr
./georgesleyeti/www.georgesleyeti.fr
./georgesleyeti/www.xn--mah-dma.net
./gorou/forum.tetramorphe.org
./gorou/wiki.tetramorphe.org
./guihome/2heurespourtuer.ath.cx
./guihome/archives-clap.guihome.net
./guihome/archives.guihome.net
./guihome/photos.guihome.net
./guihome/video.guihome.net
./guihome/webcam.guihome.net
./guihome/www.collectioneuro.eu
./happypeng/live.happypeng.org
./happypeng/midtalk.happypeng.org
./happypeng/nihon.happypeng.org
./hurdfr/perso.hurdfr.org
./hurdfr/wiki.hurdfr.org
./hurdfr/www.hurdfr.org
./laura/www.laurafontaine.fr
./milkypond/tribioune.milkypond.org
./pikachu/photos.audrey-et-arnaud.org
./pikachu/www.audrey-et-arnaud.org
./valfor/mariage-cecile-yann.duckcorp.org
./xaiki/www.evilgiggle.com

Some may not be activated but these are the most affected.

Also, some sites may support TLS but not redirect to it, and we should spot them too.

We could also make the config more similar. I was thinking about using the httpd OSAS role but important changes are not merged and several others would be needed. We could at the moment borrow these lines to replace the RedirectMatch:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}

It seems it would be treated as an external redirect automagically but using a temporary redirect. So maybe adding [R=permanent] flag would be better. I did not test it yet.
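
One way to spot sites that answer on port 80 without sending visitors to HTTPS, and to tell a temporary redirect from a permanent one (added example, not part of the original issue or of DuckCorp's tooling; the function names and the example.org hosts are assumptions made for illustration):

```python
import http.client
import sys
from urllib.parse import urlsplit

PERMANENT = {301, 308}
TEMPORARY = {302, 303, 307}

def classify(host, status, location):
    """Classify the plain-HTTP answer of `host` from its status and Location header."""
    if status not in PERMANENT | TEMPORARY:
        return "no-redirect"          # content served in clear text
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "redirect-not-https"   # relative or http:// target
    if (target.hostname or "").lower() != host.lower():
        # The visitor ends up on HTTPS, but this hostname itself never
        # answers over TLS, so it cannot carry its own HSTS header.
        return "https-other-host"
    return "https-permanent" if status in PERMANENT else "https-temporary"

def probe(host, path="/", timeout=5):
    """Send one HEAD request over plain HTTP, without following redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        return classify(host, resp.status, resp.getheader("Location"))
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable (%s)" % exc.__class__.__name__
    finally:
        conn.close()

# Constructed sample answers: (host, status, Location header).
SAMPLES = [
    ("www.example.org", 301, "https://www.example.org/"),
    ("wiki.example.org", 302, "https://wiki.example.org/"),
    ("photos.example.org", 200, None),
    ("old.example.org", 301, "http://www.example.org/"),
    ("doc.example.org", 301, "https://www.example.org/doc/"),
]

def audit_samples():
    return {host: classify(host, status, loc) for host, status, loc in SAMPLES}

if __name__ == "__main__":
    # With hostnames as arguments, probe them live; otherwise show the samples.
    results = {h: probe(h) for h in sys.argv[1:]} or audit_samples()
    for host, verdict in results.items():
        print("%-24s %s" % (host, verdict))
```

A site reported as `https-temporary` is the case the description worries about: the redirect works but is not announced as permanent.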


Related issues 2 (0 open, 2 closed)

Related to DuckCorp Infrastructure - Enhancement #571: Secure HTTP settings (Resolved, Marc Dequènes, 2017-06-25)

Related to DuckCorp Infrastructure - Enhancement #599: Use letsencrypt for public-facing websites… maybe more (Resolved, Marc Dequènes, 2017-09-26)

Actions #1

Updated by Marc Dequènes almost 7 years ago

  • Category set to Service :: Web
  • Assignee set to DC Admins
  • Priority changed from Normal to High
  • Security set to Yes
Actions #2

Updated by Marc Dequènes almost 7 years ago

Actions #3

Updated by Marc Dequènes over 6 years ago

  • Assignee deleted (DC Admins)
Actions #4

Updated by Marc Dequènes over 6 years ago

  • Related to Enhancement #599: Use letsencrypt for public-facing websites… maybe more added
Actions #5

Updated by Marc Dequènes over 6 years ago

  • Status changed from New to In Progress
  • Assignee set to Marc Dequènes

dico.duckcorp.org lacked HTTPS, so it is done with Let's Encrypt now.

Actions #6

Updated by Marc Dequènes over 6 years ago

New list after cleanup (#568):

sites-available/milkypond/tribioune.milkypond.org
sites-available/duck/jdr.duckcorp.org
sites-available/duck/cdbs-doc.duckcorp.org
sites-available/georgesleyeti/www.xn--mah-dma.net
sites-available/georgesleyeti/albums.georgesleyeti.fr
sites-available/georgesleyeti/www.georgesleyeti.fr
sites-available/happypeng/nihon.happypeng.org
sites-available/happypeng/midtalk.happypeng.org
sites-available/duckcorp/ca.duckcorp.org
sites-available/duckcorp/smokeping.duckcorp.org
sites-available/duckcorp/photos-ng.duckcorp.org
sites-available/duckcorp/doc.duckcorp.org
sites-available/arnau/www.mini-dweeb.org
sites-available/guihome/www.collectioneuro.eu
sites-available/guihome/webcam.guihome.net
sites-available/guihome/2heurespourtuer.ath.cx
sites-available/guihome/video.guihome.net
sites-available/guihome/photos.guihome.net
sites-available/guihome/archives-clap.guihome.net
sites-available/guihome/archives.guihome.net
sites-available/laura/www.laurafontaine.fr

Actions #7

Updated by Marc Dequènes almost 6 years ago

  • % Done changed from 0 to 90
New list after several sites were fixed:
  • on Toushirou:
    0_duckcorp/doc.duckcorp.org
    guihome/www.collectioneuro.eu
    guihome/2heurespourtuer.ath.cx
    laura/www.laurafontaine.fr   (to be removed soon)
    
  • on Orfeo:
    0_duckcorp/ntp.duckcorp.org
    
Actions #8

Updated by Marc Dequènes almost 6 years ago

On Thorfinn, `static.perso.duckcorp.org` is missing the redirect.

Actions #9

Updated by Marc Dequènes almost 6 years ago

Remains:
  • doc.duckcorp.org
  • static.perso.duckcorp.org
Actions #10

Updated by Marc Dequènes almost 6 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 90 to 100