Hello Dennis,
If you are using the CentOS 5 and installed Apache as part of the install, you should have a file called 'ssl.conf' in the '/etc/httpd/conf.d/' directory. Have you set up that file correctly? When I set up my system, I needed to make a few changes to that file. In my file, I have a virtual host ("_default_") and within the virtual host configuration there is a switch to turn on the SSL Engine called "SSLEngine" values are on or off. Make sure it is on. Also, make sure your certificates are correct in the file. For your ssl logs, the file may be pointing your logs to a different location other than /var/log/httpd, but I doubt it. Check to be sure.
As for redirecting from http to https, here are my rules (in a file called mailman.conf in /etc/httpd/conf.d along with other mailman rules):
RedirectMatch ^/mailman[/]*$ https://%{HTTP_HOST}/mailman/listinfo
RedirectMatch ^[/]*$
https://%{HTTP_HOST}/mailman/listinfo
although instead of %{HTTP_HOST} I have the actual hostname.
I also don't bother with the rewrite rules, like turning the rewrite engine on etc.. I do load the rewrite_module ('modules/mod_rewrite.so) but so far, I have needed to use it. The Redirect set of commands use the mod_alias module. It seems to work for me.
Good Luck, Chris
On 5/23/2012 5:37 AM, Dennis Putnam wrote:
Thanks and you are, of course, correct. I knew that but I was desperate to try to get something, anything, working. I did fix it but since the more generic version did not work, it is not a surprise that the more specific rule does not work either.
Yes I did check all the logs I could thing of but nothing that indicates it even ran a rewrite rule. I don't see anything in the ssl_access or error logs either so that tells me ssl is never being used. Does that not imply that the rewrite engine is not working?
When I use http://... it brings up the correct page. As I said originally, everything works if I use http or if I manually use https. It is forcing https that doesn't. Once again it seems to be pointing to the rewrite engine not working.
On 5/22/2012 2:25 PM, Mark Sapiro wrote:
Dennis Putnam wrote:
I assume you mean the entire mailman site as opposed to the entire web site. No. I meant the entire web site. Just because you put something in /etc/httpd/conf.d/mailman.conf doesn't make it magically just apply to Mailman. It depends on where in httpd.conf that file is included.
In a normal Centos distro, the
Include conf.d/*.conf
directive is in the Global Environment section of httpd.conf and thus anything in any of the included files affects or at least sets a default for the entire site.
If you want to force https only for Mailman CGIs, your rewrite rule should be something like
RewriteRule ^/mailman(/.*) https://%{HTTP_HOST}/mailman$1 [L,R]
If you want to include forced https for public archive access (why would you?), maybe something like
RewriteRule ^/pipermail(/.*) https://%{HTTP_HOST}/pipermail$1 [R] RewriteRule ^/mailman(/.*) https://%{HTTP_HOST}/mailman$1 [L,R]
or
RewriteRule ^/(mailman|pipermail)(/.*) https://%{HTTP_HOST}/$1$2 [L,R]
would be appropriate.
Yes, that is what I want. Yes, it SHOULD work but doesn't. The main problem is that there are no errors anywhere I can find and I have no idea how to debug this. Have you looked in all the httpd logs (/var/log/httpd/*log)?
What actually happens when you go to http://www.example.com/mailman/admin/?
Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/cnulk%40scu.edu