Prevent access to Redmine app from IP address

simon.delmotte · February 8, 2022, 2:35pm

Keywords: Redmine - AWS - How to - Services (Apache, MariaDB, MySQL…)

Description:
Hello

I installed Redmine with Bitnami Launchpad for AWS.

I associated with this application an IP address created in AWS EC2 (Elastic IP).

A domain is attached to the IP address.

HTTPS has been activated with Bitnami Configuration Tool also configured to redirect the www url to the non-www url.

Everything works fine but the Redmine application remains accessible with the IP address without https like that http://ip-address.

How should I do so that the IP of the application is redirected to the domain in https?

Thank you

jota · February 9, 2022, 8:22am

Please take a look at this guide

https://docs.bitnami.com/aws/apps/redmine/administration/use-single-domain/

simon.delmotte · February 9, 2022, 9:53am

Hi Jota,

Thank you for your reply.

Rules are already present in the configuration files to which the documentation refers.
I guess they were written by Bitnami Configuration Tool script.
I wouldn’t break everything.

In /opt/bitnami/apache/conf/bitnami/bitnami.conf there are these lines:

<VirtualHost _default_:80>
…
# BEGIN: Enable HTTP to HTTPS redirection
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Enable HTTP to HTTPS redirection
# BEGIN: Enable www to non-www redirection
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
# END: Enable www to non-www redirection

There is no

<VirtualHost _default_:443>

in this file.

In this same folder (/opt/bitnami/apache/conf/bitnami/) there is a bitnami-ssl.conf file in which you can read:

<VirtualHost _default_:443>
…
# BEGIN: Enable www to non-www redirection
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ https://%1$1 [R=permanent,L]
# END: Enable www to non-www redirection

In /opt/bitnami/apache/conf/vhosts/redmine-vhost.conf there are these lines:

<VirtualHost 127.0.0.1:80 _default_:80>
…
# BEGIN: Enable HTTP to HTTPS redirection
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
# END: Enable HTTP to HTTPS redirection
# BEGIN: Enable www to non-www redirection
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ http://%1$1 [R=permanent,L]
# END: Enable www to non-www redirection

In /opt/bitnami/apache/conf/vhosts/redmine-https-vhost.conf there are these ones:

<VirtualHost 127.0.0.1:443 _default_:443>
…
# BEGIN: Enable www to non-www redirection
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^localhost
RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$
RewriteCond %{REQUEST_URI} !^/\.well-known
RewriteRule ^(.*)$ https://%1$1 [R=permanent,L]
# END: Enable www to non-www redirection

So I’m a bit lost on what to do on which file.

Regards

jota · February 10, 2022, 9:57am

Hi @simon.delmotte,

Yes, you have similar rules but you need to update them to use your domain, not %{SERVER_NAME} OR %1. That way, you will ensure the redirections use your domain, not a simple redirection to https using the IP/domain the request used.

simon.delmotte · February 10, 2022, 11:32am

I Jota,

I first replaced all the RewriteRule statements to put the one of the documentation:

RewriteRule ^(.*)$ https://example.com$1 [R=permanent,L]

As I still could access Redmine with IP address and http (http://ip-address), I commented out all the

RewriteCond %{HTTP_HOST} !^[0-9]+.[0-9]+.[0-9]+.[0-9]+(:[0-9]+)?$

Now it seems to work as i want: http://ip-address is redirected to https://example.com

Thank you

system · February 24, 2022, 11:32am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.