Protected areas and rewriting to HTTPS

    Hey Guys,


    im using IMSCP for 3 months now and i love it.
    Im a newbie administrator and still learning (its just a test enviroment).


    Right now im trying to secure the system (add protected areas, iptables, change ssh port...)


    I want to protect the /htdocs directory using a basic auth (protected areas), but i want to run it over ssl.
    The problem is:


    I get the auth prompt two times.
    connecting to Port 80 -> auth prompt -> rewriting to port 443 -> auth prompt.


    I want it to work that way:


    www.domain.com:80 -> rewriting -> www.domain.com:443 -> auth prompt
    domain.com:80 -> rewriting -> www.domain.com:443 -> auth prompt



    Thats whats in the .htaccess file right now.


    Code
    1. ### START i-MSCP PROTECTION ###
    2. AuthType Basic
    3. AuthName "Webinterface"
    4. AuthUserFile /var/www/virtual/domain.com/.htpasswd
    5. Require user XYZ
    6. ### END i-MSCP PROTECTION ###
    7. RewriteEngine On
    8. RewriteCond %{HTTPS} !=on
    9. RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

    Any suggestions?
    Its a debian 8 Server btw.



    Im looking forward to your replies.




    kind regards
    eomer

    As little hint I would wait for the next release (1.3.0), because there we've implemented the HSTS feature. So after activating HSTS for that domain you'll be first redirected to https :)

    If you are on Debian 8 (Jessie) you have Apache 2.4 and then you could try this:


    *NinoS :P Atm we don't know, I think this month.

    Hey Ninos!


    I just saw that youg guys have added the Forwarding-Feature. Thanks for that!!!
    Unfortunatly it doesnt work. Its not forwarding to https. Its still bringing me to port 80.


    Should i open an extra thread for this?


    kr
    Niko

    Edited once, last by Eomer ().

    @Eomer


    You're talking about which feature exactly?

    badge.php?id=1239063037&bid=2518&key=1747635596&format=png&z=547451206

    SSH key for online support

    @Eomer HSTS is implemented in 1.3.x branch and still not released. Please wait for its release :)

    Oh, sorry guys. I saw this:


    Quote from Nuxwin

    Added: 10_nginx_hsts.pl listener file (enable HTTP Strict Transport Security (HSTS))

    And the thing on the screnshot. Looked new to me.
    Sorry, still a beginner :D


    Thanks for the clarification. I will enable the Rewrite-Rule again.

    Files