Configuration - force TLS for all connections

ron
15 June 2016, 16:47
Hi,

I am not sure how to go about doing this. I have an embedded device with self-signed keys. I want to force all traffic to go through SSL.

Is there a way to get the RequireTLS behavior of VirtualServer to apply to the default server?
My device can be accessed by IP address or hostname. The hostname is not known to the device, so I can't specify it in the config. The device is usually configured with a static IP, but the network's DNS server has a mapping to a hostname.

Something like 192.168.1.11 -> device1, 192.168.1.12 -> device2

I want to go to http://device1 and have it redirect to https. Is this possible without specifying device1 in the VirtualServer hostname (since the device does not know its hostname)?

Thanks

Hugo Leisink
15 June 2016, 16:52
Use, for example, 127.0.0.1 as the Hostname of the default host and use the external IP address in a VirtualHost{} section, in which you can enforce the usage of TLS.
ron
15 June 2016, 17:15
My configuration is like this:
Hostname = 127.0.0.1
WebsiteRoot = /usr/local/var/www/hiawatha

VirtualHost {
Hostname = 192.168.122.78
WebsiteRoot = /var/www/my-domain/public
RequireTLS = yes
}

So if I go to http://192.168.122.78 it will redirect me to the proper site with SSL.

But if the client has a mapping device1 -> 192.168.122.78, http://device1 will go to the default page rather than the virtual server.
Also, if 192.168.122.78 is behind a NAT with a public IP 10.0.0.1 and the ports are forwarded, http://10.0.0.1 will also go to the default page rather than the virtual server.

Is there some way to force the virtual server to be default - or to make the default server requireTLS?
Hugo Leisink
15 June 2016, 18:49
Then simply use
...

VirtualHost {
Hostname = 192.168.122.78, device1, 10.0.0.1
...
}
This topic has been closed.
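
A check for the behaviour discussed in this thread, added here as an example that is not part of the original posts or of Hiawatha: it sends a plain-HTTP request for each name a client might put in the Host header and reports the names that are not redirected to https://. StubDevice is a constructed stand-in for the device so the script runs offline; tls_enforced, audit and start_stub are hypothetical helper names.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def tls_enforced(addr, port, host_header, timeout=5):
    """Plain-HTTP GET with the given Host header; True only if the reply
    is a redirect to an https:// URL."""
    conn = http.client.HTTPConnection(addr, port, timeout=timeout)
    try:
        conn.putrequest("GET", "/", skip_host=True)  # we set Host ourselves
        conn.putheader("Host", host_header)
        conn.endheaders()
        resp = conn.getresponse()
        location = resp.getheader("Location", "")
        return (resp.status in (301, 302, 307, 308)
                and location.lower().startswith("https://"))
    finally:
        conn.close()

def audit(addr, port, names):
    """Names for which the server still answers over plain HTTP."""
    return [n for n in names if not tls_enforced(addr, port, n)]

class StubDevice(BaseHTTPRequestHandler):
    """Constructed stand-in: hosts in tls_hosts act like a VirtualHost with
    RequireTLS = yes; any other Host falls through to the default host."""
    tls_hosts = set()

    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        if host in self.tls_hosts:
            self.send_response(301)
            self.send_header("Location", f"https://{host}/")
        else:
            self.send_response(200)  # default host, no TLS enforcement
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):  # keep the output quiet
        pass

def start_stub(tls_hosts):
    handler = type("Handler", (StubDevice,), {"tls_hosts": set(tls_hosts)})
    srv = HTTPServer(("127.0.0.1", 0), handler)  # ephemeral local port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

if __name__ == "__main__":
    names = ["192.168.122.78", "device1", "10.0.0.1"]  # names from the thread
    for label, hosts in (("one Hostname", names[:1]), ("all names", names)):
        srv = start_stub(hosts)
        print(label, "->", audit("127.0.0.1", srv.server_address[1], names))
        srv.shutdown()
```

Against a real device, call audit() with the device's address, port 80 and every IP address or DNS name clients may use to reach it.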