Horde auf SSL forcieren

mirabilos · June 2, 2009, 1:15pm

root@ugs:~ # cat hordessl.diff
--- /etc/univention/templates/files/var/www/ucs-overview/de.html.d/60horde-de.html~     2009-06-02 14:53:39.952994148 +0200
+++ /etc/univention/templates/files/var/www/ucs-overview/de.html.d/60horde-de.html      2009-06-02 14:54:39.535346587 +0200
@@ -1,5 +1,5 @@
 <tr>
-<td class="overview"><a href="../horde3/"><img src="../icon/horde-power1.png" alt="" border="0" /></a></td>
-<td class="overview"><a href="../horde3/">Univention Kolab2 Webclient</a></td>
+<td class="overview"><a href="https://@%@hostname@%@.@%@domainname@%@/horde3/"><img src="../icon/horde-power1.png" alt="" border="0" /></a></td>
+<td class="overview"><a href="https://@%@hostname@%@.@%@domainname@%@/horde3/">Univention Kolab2 Webclient</a></td>
 <td class="overview">Univention Kolab2 Webclient</td>
 </tr>
--- /etc/univention/templates/files/var/www/ucs-overview/en.html.d/60horde-en.html~     2009-06-02 14:54:26.590835430 +0200
+++ /etc/univention/templates/files/var/www/ucs-overview/en.html.d/60horde-en.html      2009-06-02 14:54:38.815318153 +0200
@@ -1,5 +1,5 @@
 <tr>
-<td class="overview"><a href="../horde3/"><img src="../icon/horde-power1.png" alt="" border="0" /></a></td>
-<td class="overview"><a href="../horde3/">Univention Kolab2 Webclient</a></td>
+<td class="overview"><a href="https://@%@hostname@%@.@%@domainname@%@/horde3/"><img src="../icon/horde-power1.png" alt="" border="0" /></a></td>
+<td class="overview"><a href="https://@%@hostname@%@.@%@domainname@%@/horde3/">Univention Kolab2 Webclient</a></td>
 <td class="overview">Univention Kolab2 Webclient</td>
 </tr>
--- /etc/univention/templates/files/etc/horde/horde3/conf.php~  2009-06-02 14:57:50.190901163 +0200
+++ /etc/univention/templates/files/etc/horde/horde3/conf.php   2009-06-02 14:58:14.623870457 +0200
@@ -10,7 +10,7 @@
 //
 $conf['debug_level'] = E_ALL;
 $conf['max_exec_time'] = 0;
-$conf['use_ssl'] = 2;
+$conf['use_ssl'] = 1;
 @!@
 horde_auth=baseConfig.get('horde/auth', 'kolab')
 if horde_auth.lower() == 'kolab':
--- /usr/share/horde3/login.php~        2009-06-02 14:59:10.898103428 +0200
+++ /usr/share/horde3/login.php 2009-06-02 15:06:40.371961820 +0200
@@ -10,6 +10,13 @@
  * @author Chuck Hagenbuch <chuck@horde.org>
  */

+if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
+       $tgt = "https" . strstr($_SERVER["SCRIPT_URI"], "://");
+       header("Location: " . $tgt);
+       echo "Redirecting to: " . $tgt . "\n";
+       die; 
+}
+
 /* Add anchor to outgoing URL. */
 function _addAnchor($url, $type)
 {

Tut so bei uns recht sauber, und hat den Vorteil, daß
es von ugs.$domain/ weiterleitet
(search im DNS für kurze http-URIs, aber bei https lautet
das Zertifikat auf den FQDN).

Scherer · June 5, 2009, 10:04am

Hallo,

vielen Dank für die Bereitstellung des Patches.
Ich habe dazu einen Eintrag in unserem Bugtracking-System erstellt, sodass diese Funktionalität im Zuge der Weiterentwicklung von Univention Corporate Server berücksichtigt werden wird.

Mit freundlichen Grüßen
Tobias Scherer