-
Notifications
You must be signed in to change notification settings - Fork 110
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable https not working #97
Comments
hi @c0mputerking , the addition by the application of the hsts header is a feature that we want to remove, as you have noticed is quite hard to configure. It's something that should be done at the proxy level. I would advise you to go in the database and remove the configuration key. delete from LA_CONF where CONF_KEY = 'USE_HTTPS' |
…etter to be configured at the proxy level
…etter to be configured at the proxy level
I just restored from a backup, but thank you for the hint about the database entry ... I still need to get https going, however i did not find any howto or info in the docs about setting up a proxy, is this documented somewhere? or is this just something people with more java experience know how to do :) |
@c0mputerking , normally you would setup a reverse proxy (like nginx or haproxy) that handle the https termination. So you would have something like that:
|
Ok thank you i will give it a go |
The best way to setup a reverse proxy with SSL is to use Docker, if you know it you should try that way.
|
@ejouvin posted a snippet for Apache if you prefer it to NGINX: #46 (comment) |
Took me alot of tries to get reverse https going including some reading here on this forum and on the web. Probably mostly because i have never setup a reverse proxy before, and haven't worked much with ngnix either. Also just to add I could not use docker as i am running lxc containers and from past attempts they do not work with docker. Any ways i am going to put my ngnix config up here for myself and other is ever needed as i could not really find just a working ngnix config anywhere here. Before closing this issue maybe someone can take a look let me know if i messed or missed anything, also i will probably remove or just forward the http stuff, as i only want https access.
Thanks again for Lavagna and the continued help and support found here :) |
Setting up a reverse proxy isn't really easy but it's really useful if you're running on a VPS or you want to use HTTPS, it took me more than a few tries to get it working the first time...
Are you sure that everything works fine? |
Yes agreed about the usefulness of reverse proxy it was on my bucket list :) have been able to avoid it until now using different port numbers for everything Anyways i but the three config entries back in ... seemed to work fine without but maybe it works better now :) not sure a bit to soon to tell ... anyway as always thank you greatly for your help and support |
If I remember correctly without those settings you should get errors when using Lavagna on two different tabs in the same browser, can you check if it works? |
Closed due to inactivity |
Running lavagna-1.1-M7 on Debian 9
I tried checking Enable http strict transport security header in the admin panel, to hopefully enable https and now i can no longer connect to Lavanga even after restarting the application as suggested in the log.
If i try with https i get this error in my browser
If i try with http it lets me login but i then i get this error in my browser
This is what is printed on the console
22:59:17.830 [qtp1642534850-17] WARN io.lavagna.web.security.HSTSFilter - The base application url http://list-3.solar.somedomain.com:8080/ does not begin with https:// . It's a mandatory requirement if you want to enable full https mode.
The text was updated successfully, but these errors were encountered: