Tuesday, June 6, 2017

Spiceworks HTTPS Redirect Breaks Stuff

We recently moved our Spiceworks installation to HTTPS. While there's a handy setting in the options to force user connections to the portal to use HTTPS, this doesn't affect the backend used by admin and helpdesk staff. There's a lot of bad advice out there about how to accomplish this redirect. Many threads like this one suggest adding a 302 redirect to a port 80 virtualhost to redirect to HTTPS. While this does appear to work initially, you will find that incoming emails no longer generate tickets. If you view the production.txt log in C:\Program Files (x86)\Spiceworks\log\ you'll see an entry like this:
I[08:12:09.44 9b1030] scheduled call to check for ticket email url_ping: /tickets/check_email (http://127.0.0.1:80/tickets/check_email)
W[08:12:09.44 9b1030] check for ticket email url_ping: /tickets/check_email => unexpected response: Net::HTTPMovedPermanently
Yep, that's right - Spiceworks uses an internal API on port 80. What's worse is that it does not follow the 302 redirect correctly, so if you go this route it will not work. Luckily there are a number of other threads like this one on the Spiceworks forum that have a better suggestion: using Apache mod_rewrite to accomplish the task. Specifically, you will need to add the following directives to the httpd.conf file in C:\Program Files (x86)\Spiceworks\httpd\conf:
RewriteEngine On
RewriteCond %{REMOTE_HOST} !^127\.0\.0\.1
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
This will also require that you have the directive:
LoadModule rewrite_module modules/mod_rewrite.so
somewhere in the config, but this appears to happen by default. Essentially this will redirect any HTTP request to HTTPS, with the exception of requests from 127.0.0.1, the loopback address used by Spiceworks for internal API calls.
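To confirm after a config change that the internal port 80 call is no longer being redirected, the production log can be scanned for the warning shown above. The script below is an added example, not part of the original post or of Spiceworks; the line shapes are assumed from the two log entries quoted in the post, and the function name and the last two sample lines are constructed for illustration.

```python
import re

# Line shapes assumed from the two production log entries quoted in the post.
# "ctx" is the second bracketed field; its meaning is not stated on the page.
CALL_RE = re.compile(
    r"^I\[(?P<time>[\d:.]+) (?P<ctx>\w+)\] scheduled call .*?url_ping: (?P<path>\S+)"
    r" \((?P<url>http://127\.0\.0\.1:\d+\S*)\)$")
WARN_RE = re.compile(
    r"^W\[(?P<time>[\d:.]+) (?P<ctx>\w+)\] .*?url_ping: (?P<path>\S+)"
    r" => unexpected response: Net::HTTP(?P<resp>\w+)$")
# Ruby Net::HTTP response class suffixes for 301, 302, 303, 307 and 308.
REDIRECTS = {"MovedPermanently", "Found", "SeeOther",
             "TemporaryRedirect", "PermanentRedirect"}

# First two lines are the entries quoted in the post; the last two are constructed.
SAMPLE_LOG = """\
I[08:12:09.44 9b1030] scheduled call to check for ticket email url_ping: /tickets/check_email (http://127.0.0.1:80/tickets/check_email)
W[08:12:09.44 9b1030] check for ticket email url_ping: /tickets/check_email => unexpected response: Net::HTTPMovedPermanently
W[08:13:09.51 9b1030] check for ticket email url_ping: /tickets/check_email => unexpected response: Net::HTTPServiceUnavailable
I[08:14:00.02 9b1030] unrelated constructed line
"""

def find_redirected_pings(lines):
    """Return one dict per internal url_ping that was answered with a redirect."""
    urls = {}  # (ctx, path) -> loopback URL from the 'scheduled call' line
    hits = []
    for raw in lines:
        line = raw.strip()
        call = CALL_RE.match(line)
        if call:
            urls[(call["ctx"], call["path"])] = call["url"]
            continue
        warn = WARN_RE.match(line)
        # Only 3xx answers point at the redirect problem; other errors are skipped.
        if warn and warn["resp"] in REDIRECTS:
            hits.append({"time": warn["time"], "path": warn["path"],
                         "response": warn["resp"],
                         "url": urls.get((warn["ctx"], warn["path"]))})
    return hits

if __name__ == "__main__":
    for hit in find_redirected_pings(SAMPLE_LOG.splitlines()):
        print("{time} {url} ({path}) answered with HTTP{response}: "
              "loopback call is being redirected".format(**hit))
```

An empty result after restarting Apache and waiting for the next scheduled email check indicates the loopback exception is in effect.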
