Overview
Comment: | Updated www/ssl.wiki to cover the new "Redirect to HTTPS" setting and to add recovery methods for the case where enabling it causes a redirect loop. |
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: | 226b14fc72e65bf783e1ac3ccd23be68 |
User & Date: | wyoung 2019-01-22 03:01:49 |
Context
2019-01-22
03:02 | Fixed a Markdown-ism in previous check-in: 485eda76 user: wyoung tags: trunk | |
03:01 | Updated www/ssl.wiki to cover the new "Redirect to HTTPS" setting and to add recovery methods for the case where enabling it causes a redirect loop. check-in: 226b14fc user: wyoung tags: trunk | |
02:52 | Updated the Security-Audit page to better handle the change from the old https-login setting to the new redirect-to-https setting. check-in: 37918a1f user: wyoung tags: trunk | |
Changes
Changes to www/ssl.wiki.
To use TLS encryption in cloning and syncing to a remote Fossil repository, be sure to use the <tt>https:</tt> URI scheme in <tt>clone</tt> and <tt>sync</tt> commands. If your server is configured to serve the repository via both HTTP and HTTPS, it's easy to accidentally use unencrypted HTTP if you forget the all-important 's'. There is a setting in the Fossil UI under Admin → Access called "Redirect to HTTPS on the Login page." This setting is not enabled by default. This setting does not automatically upgrade clones and syncs done via the <tt>http</tt> URI scheme. It only affects web UI access to the Fossil repository. <b id="rloop">WARNING:</b> Never enable this setting when running Fossil behind an HTTPS proxy with Fossil running underneath it via HTTP or SCGI. This will cause an infinite redirect loop any time someone tries to log into the web UI. Fossil sees that it's being accessed via HTTP, so it redirects the browser to an HTTPS equivalent URL, which causes the client to hit the HTTPS front end proxy up again for access, which causes Fossil to see that it's being accessed via HTTP, so it redirects the client to...'round and 'round it goes until the web browser detects it's in a redirect loop and gives up. If you wish to enforce TLS-only access to a Fossil web server, it is best done at the HTTPS front-end proxy layer, not by use of Fossil-level settings like this one. The [./tls-nginx.md|nginx TLS proxy guide] shows one way to achieve this, for example. <h2>Terminology Note</h2> This document is called <tt>ssl.wiki</tt> for historical reasons. The TLS protocol was originally called SSL, and it went through several revisions before being replaced by TLS. Years before this writing, SSL |
To use TLS encryption in cloning and syncing to a remote Fossil repository, be sure to use the <tt>https:</tt> URI scheme in <tt>clone</tt> and <tt>sync</tt> commands. If your server is configured to serve the repository via both HTTP and HTTPS, it's easy to accidentally use unencrypted HTTP if you forget the all-important 's'. As of Fossil 2.8, there is a setting in the Fossil UI under Admin → Access called "Redirect to HTTPS," which is set to "Off" by default. Changing this only affects web UI access to the Fossil repository. It doesn't affect clones and syncs done via the <tt>http</tt> URI scheme. In Fossil 2.7 and earlier, there was a much weaker form of this setting affecting the <tt>/login</tt> page only. If you're using this setting, you should migrate to the new setting as soon as possible, because the old setting allows multiple ways of defeating it. <b id="rloop">WARNING:</b> Enabling HTTPS redirects at the Fossil repo level while running Fossil behind an HTTPS proxy can result in an infinite redirect loop. It happens when the proxy mechanism presents "`http`" URIs to Fossil, so Fossil issues a redirect, so the browser fetches the page again, causing Fossil to see an "`http`" URI again, so it issues a redirect...'round and 'round it goes until the web browser detects it's in a redirect loop and gives up. This problem prevents you from getting back into the Admin UI to fix it, but there are several ways to fix it: # <p><b>Reset via CLI.</b> You can turn the setting back off from the CLI with the command "<tt>fossil -R /path/to/repo.fossil set redirect-to-https 0</tt>". 
(Currently doesn't work.)</p> # <p><b>Backup first.</b> This setting is stored in the Fossil repository, so if you make a backup first <i>on the server</i>, you can restore the repo file if enabling this feature creates a redirect loop.</p> # <p><b>Download, fix, and restore.</b> You can copy the remote repository file down to a local machine, use <tt>fossil ui</tt> to fix the setting, and then upload it to the repository server again.</p> It's best to enforce TLS-only access at the front-end proxy level anyway. It not only avoids the problem entirely, it can be significantly more secure. The [./tls-nginx.md|nginx TLS proxy guide] shows one way to achieve this.</p> <h2>Terminology Note</h2> This document is called <tt>ssl.wiki</tt> for historical reasons. The TLS protocol was originally called SSL, and it went through several revisions before being replaced by TLS. Years before this writing, SSL |
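Review bot: the first item of the new recovery list ("Reset via CLI") gives the command `fossil -R /path/to/repo.fossil set redirect-to-https 0` and then adds "(Currently doesn't work.)", so an admin locked out by the redirect loop is handed a first recovery step that is known to fail; either drop that item until the CLI reset actually clears the setting, or keep it only with a note on which Fossil version is expected to fix it, and move the working methods (backup first; download, fix, restore) to the top of the list. Two smaller points in the same region: the sentence ending "shows one way to achieve this.</p>" closes a `<p>` that was never opened, and the migration paragraph for Fossil 2.7 and earlier would serve readers better if it named the old setting (https-login, per the adjacent check-in comment) next to the new redirect-to-https, and said in one clause why the old one was weak (it redirected only the `/login` page, so every other page stayed reachable over plain HTTP) instead of the vaguer "allows multiple ways of defeating it".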