Enhancement #572

closed

HTTPS for All

Added by Marc Dequènes almost 7 years ago. Updated almost 6 years ago.

Status: Resolved
Priority: High
Category: Service :: Web
Start date: 2017-06-25
Due date:
% Done: 100%
Estimated time:
Patch Available:
Confirmed: No
Branch:
Entity: DuckCorp
Security: Yes
Help Needed:

Description

For security reasons (some sites may have auth, like user-managed sites), and privacy reasons, all websites should have a redirect to HTTPS. We should also activate HSTS (but this would be handled in #571).

These sites do not have TLS at all:

Some may not be activated but these are the most affected.

Also, some sites may support TLS but not redirect to it, and we should spot them too.

We could also make the config more similar. I was thinking about using the httpd OSAS role but important changes are not merged and several others would be needed. We could at the moment borrow these lines to replace the RedirectMatch:

RewriteCond %{HTTPS} off
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI}

It seems it would be treated as an external redirect automagically, but using a temporary redirect. So maybe adding the [R=permanent] flag would be better. I did not test it yet.
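
The two groups named in the description (sites with no TLS at all, and sites that support TLS but do not redirect to it) can be spotted by auditing the vhost configuration offline. This is an added example, not part of the original issue or DuckCorp's tooling; the sample configuration and its example.org hostnames are constructed, and it assumes one ServerName per VirtualHost block, with TLS vhosts on port 443 or using SSLEngine on.

```python
import re

# Constructed sample configuration (not real vhosts); one ServerName per block is assumed.
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName plain.example.org
</VirtualHost>
<VirtualHost *:80>
    ServerName both.example.org
</VirtualHost>
<VirtualHost *:443>
    ServerName both.example.org
    SSLEngine on
</VirtualHost>
<VirtualHost *:80>
    ServerName good.example.org
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=permanent,L]
</VirtualHost>
<VirtualHost *:443>
    ServerName good.example.org
    SSLEngine on
</VirtualHost>
"""

VHOST = re.compile(r"<VirtualHost\s+[^>]*?:(\d+)\s*>(.*?)</VirtualHost>", re.S | re.I)
NAME = re.compile(r"^\s*ServerName\s+(\S+)", re.M | re.I)
# Any uncommented Redirect*, RedirectMatch or RewriteRule line whose target is an https:// URL.
TO_HTTPS = re.compile(r"^\s*(Redirect\w*|RewriteRule)\s+.*\bhttps://", re.M | re.I)

def audit(conf):
    """Map each ServerName to 'no_tls', 'tls_no_redirect' or 'ok'."""
    tls, redir, names = set(), set(), set()
    for port, body in VHOST.findall(conf):
        m = NAME.search(body)
        if not m:
            continue
        host = m.group(1).lower()
        names.add(host)
        if port == "443" or re.search(r"^\s*SSLEngine\s+on", body, re.M | re.I):
            tls.add(host)       # assumption: port 443 or SSLEngine on means a TLS vhost
        elif TO_HTTPS.search(body):
            redir.add(host)     # plain-HTTP vhost that sends clients to https://
    return {h: "no_tls" if h not in tls else "ok" if h in redir else "tls_no_redirect" for h in sorted(names)}

if __name__ == "__main__":
    for host, state in audit(SAMPLE_CONF).items():
        print(f"{state:16} {host}")
```
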


Related issues 2 (0 open, 2 closed)

Related to DuckCorp Infrastructure - Enhancement #571: Secure HTTP settings (Resolved, Marc Dequènes, 2017-06-25)

Related to DuckCorp Infrastructure - Enhancement #599: Use letsencrypt for public-facing websites… maybe more (Resolved, Marc Dequènes, 2017-09-26)