Univention Bugzilla – Bug 44628
(4.2) force_https makes apache redirect traffic for localhost
Last modified: 2017-05-24 10:48:07 CEST
+++ This bug was initially created as a clone of Bug #43603 +++ As with Bug #40121 force_https also makes Apache redirect HTTP connections for localhost. This breaks OX: http://forum.univention.de/viewtopic.php?t=6505&p=24980#p24980 and probably other proxied software. The following rule seems to fix that: --- RewriteCond %{HTTP_HOST} != localhost --- (Is a rule for 127.0.0.1 also needed?)
univention-apache (9.0.5-10): r79441 | Bug #44628: make excludes for force_https configurable univention-apache.yaml: r79444 | YAML Bug #44628
* YAML: being forcing -> being forced * Apache doesn't start anymore: root@dc2000:~# ucr set apache2/force_https=true root@dc2000:~# ucr search force_https apache2/force_https/exclude/(request_uri|http_host|remote_addr|server_name)/.*: <empty> apache2/force_https/exclude/http_host/localhost: localhost apache2/force_https/exclude/request_uri/mod-status: /server-status apache2/force_https: true root@dc2000:~# systemctl restart apache2.service Job for apache2.service failed. See 'systemctl status apache2.service' and 'journalctl -xn' for details. root@dc2000:~# systemctl status apache2.service ● apache2.service - LSB: Apache2 web server Loaded: loaded (/etc/init.d/apache2) Active: failed (Result: exit-code) since So 2017-05-21 11:53:19 CEST; 4s ago Process: 17635 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS) Process: 17663 ExecStart=/etc/init.d/apache2 start (code=exited, status=1/FAILURE) Mai 21 11:53:19 dc2000 systemd[1]: Starting LSB: Apache2 web server... Mai 21 11:53:19 dc2000 apache2[17663]: Starting web server: apache2 failed! Mai 21 11:53:19 dc2000 apache2[17663]: The apache2 configtest failed. ... (warning). Mai 21 11:53:19 dc2000 apache2[17663]: Output of config test was: Mai 21 11:53:19 dc2000 apache2[17663]: AH00526: Syntax error on line 80 of /etc/apache2/mods-enabled/ssl.conf: Mai 21 11:53:19 dc2000 apache2[17663]: RewriteCond: bad flag delimiters Mai 21 11:53:19 dc2000 apache2[17663]: Action 'configtest' failed. Mai 21 11:53:19 dc2000 apache2[17663]: The Apache error log may have more information. Mai 21 11:53:19 dc2000 systemd[1]: apache2.service: control process exited, code=exited status=1 Mai 21 11:53:19 dc2000 systemd[1]: Failed to start LSB: Apache2 web server. Mai 21 11:53:19 dc2000 systemd[1]: Unit apache2.service entered failed state. root@dc2000:~# grep -n Rewrite /etc/apache2/mods-enabled/ssl.conf 78:RewriteEngine on 79:RewriteCond %{HTTPS} off 80:RewriteCond %{REQUEST_URI} != /server-status 81:RewriteCond %{HTTP_HOST} != localhost 82:RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
univention-apache (9.0.5-11): r79505 | Bug #44628: fix syntax error
OK: manual test r79522: updated advisory
<http://errata.software-univention.de/ucs/4.2/20.html>