Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.
|Comment:||Updated www/ssl.wiki to cover the new "Redirect to HTTPS" setting and to add recovery methods for the case where enabling it causes a redirect loop.|
|Downloads:||Tarball | ZIP archive | SQL archive|
|Timelines:||family | ancestors | descendants | both | trunk|
|Files:||files | file ages | folders|
|User & Date:||wyoung 2019-01-22 03:01:49|
|03:02||Fixed a Markdown-ism in previous check-in: 485eda76 user: wyoung tags: trunk|
|03:01||Updated www/ssl.wiki to cover the new "Redirect to HTTPS" setting and to add recovery methods for the case where enabling it causes a redirect loop. check-in: 226b14fc user: wyoung tags: trunk|
|02:52||Updated the Security-Audit page to better handle the change from the old https-login setting to the new redirect-to-https setting. check-in: 37918a1f user: wyoung tags: trunk|
Changes to www/ssl.wiki.
201 201 202 202 To use TLS encryption in cloning and syncing to a remote Fossil 203 203 repository, be sure to use the <tt>https:</tt> URI scheme in 204 204 <tt>clone</tt> and <tt>sync</tt> commands. If your server is configured 205 205 to serve the repository via both HTTP and HTTPS, it's easy to 206 206 accidentally use unencrypted HTTP if you forget the all-important 's'. 207 207 208 -There is a setting in the Fossil UI under Admin → Access called 209 -"Redirect to HTTPS on the Login page." This setting is not enabled by 210 -default. This setting does not automatically upgrade clones and syncs 211 -done via the <tt>http</tt> URI scheme. It only affects web UI access to 212 -the Fossil repository. 208 +As of Fossil 2.8, there is a setting in the Fossil UI under Admin → 209 +Access called "Redirect to HTTPS," which is set to "Off" by default. 210 +Changing this only affects web UI access to the Fossil repository. It 211 +doesn't affect clones and syncs done via the <tt>http</tt> URI scheme. 212 + 213 +In Fossil 2.7 and earlier, there was a much weaker form of this setting 214 +affecting the <tt>/login</tt> page only. If you're using this setting, 215 +you should migrate to the new setting as soon as possible, because the 216 +old setting allows multiple ways of defeating it. 217 + 218 +<b id="rloop">WARNING:</b> Enabling HTTPS redirects at the Fossil repo 219 +level while running Fossil behind an HTTPS proxy can result in an 220 +infinite redirect loop. It happens when the proxy mechanism presents 221 +"`http`" URIs to Fossil, so Fossil issues a redirect, so the browser 222 +fetches the page again, causing Fossil to see an "`http`" URI again, so 223 +it issues a redirect...'round and 'round it goes until the web browser 224 +detects it's in a redirect loop and gives up. This problem prevents you 225 +from getting back into the Admin UI to fix it, but there are several 226 +ways to fix it: 213 227 214 -<b id="rloop">WARNING:</b> Never enable this setting when running Fossil 215 -behind an HTTPS proxy with Fossil running underneath it via HTTP or 216 -SCGI. This will cause an infinite redirect loop any time someone tries 217 -to log into the web UI. Fossil sees that it's being accessed via HTTP, 218 -so it redirects the browser to an HTTPS equivalent URL, which causes the 219 -client to hit the HTTPS front end proxy up again for access, which 220 -causes Fossil to see that it's being accessed via HTTP, so it redirects 221 -the client to...'round and 'round it goes until the web browser detects 222 -it's in a redirect loop and gives up. 228 + # <p><b>Reset via CLI.</b> You can turn the setting back off from the 229 + CLI with the command "<tt>fossil -R /path/to/repo.fossil set 230 + redirect-to-https 0</tt>". (Currently doesn't work.)</p> 231 + # <p><b>Backup first.</b> This setting is stored in the Fossil 232 + repository, so if you make a backup first <i>on the server</i>, you 233 + can restore the repo file if enabling this feature creates a 234 + redirect loop.</p> 235 + # <p><b>Download, fix, and restore.</b> You can copy the remote 236 + repository file down to a local machine, use <tt>fossil ui</tt> to 237 + fix the setting, and then upload it to the repository server 238 + again.</p> 223 239 224 -If you wish to enforce TLS-only access to a Fossil web server, it is 225 -best done at the HTTPS front-end proxy layer, not by use of Fossil-level 226 -settings like this one. The [./tls-nginx.md|nginx TLS proxy guide] 227 -shows one way to achieve this, for example. 240 +It's best to enforce TLS-only access at the front-end proxy level 241 +anyway. It not only avoids the problem entirely, it can be significantly 242 +more secure. The [./tls-nginx.md|nginx TLS proxy guide] shows one way 243 +to achieve this.</p> 228 244 229 245 230 246 <h2>Terminology Note</h2> 231 247 232 248 This document is called <tt>ssl.wiki</tt> for historical reasons. The 233 249 TLS protocol was originally called SSL, and it went through several 234 250 revisions before being replaced by TLS. Years before this writing, SSL