[Solved] Redirections for cgit and http to https
Added by l3u about 4 years ago
Hi forum!
I host a cgit installation with lighttpd. I also use letsencrypt certificates and normally redirect all http requests to https. But this doesn't work as expected with the cgit subdomain.
Here's the (working) config for cgit, also allowing the certbot to reach the files it needs to update the letsencrypt cert:
$HTTP["host"] == "git.server.de" {
index-file.names = ( "cgit.cgi" )
cgi.assign = ( "cgit.cgi" => "" )
url.rewrite-once = (
"^/robots.txt" => "/robots.txt",
"^/\.well-known(.+)" => "/.well-known$1",
"^/cgit\.(css|png)" => "$0",
"^/.+" => "/cgit.cgi$0"
)
}
For my other domains, I add the following code to redirect from http to https:
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect-code = 307
url.redirect = (".*" => "https://%0$0")
}
}
This works fine for the other domains I host, no matter what URL is requested. But for the cgit one, it doesn't:
if e. g. http://git.server.de/project.git/ is requested, it's redirected to https://git.server.de/cgit.cgi/project.git/ and cgit yields an error message.
It would be very nice if anybody could explain why this happens and how I can configure my cgit domain properly.
Thanks in advance!
Cheers, Tobias
Replies (5)
RE: Redirections for cgit and http to https - Added by gstrauss about 4 years ago
You have not provided your lighttpd.conf, but I would guess you should look at the module order in server.modules and load mod_redirect before mod_rewrite.
RE: Redirections for cgit and http to https - Added by l3u about 4 years ago
The module order actually was:
server.modules = (
"mod_rewrite",
"mod_redirect",
"mod_access",
"mod_auth",
"mod_simple_vhost",
"mod_accesslog",
"mod_alias",
"mod_expire",
"mod_compress",
"mod_cgi",
"mod_proxy",
"mod_openssl"
)
but switching the first two so that mod_redirect is the first one didn't change the behavior ...
RE: Redirections for cgit and http to https - Added by l3u about 4 years ago
I just found this in https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModRewrite
Rewrite rules always execute before redirect rules. This is true regardless of the order of module loading or the order of rules in the configuration
so at least it's clear what happens: The rewrite happens before the redirect and rewrites to /cgit.cgi/..., then this very URL is redirected to it's https equivalent and this one doesn't exist.
Question is how to solve this ...
RE: Redirections for cgit and http to https - Added by l3u about 4 years ago
I think I found a solution :-)
I made the rewrite rules dependant of the scheme. They now are only applied if the scheme is https, so that the redirect happens before the rewrite. Like so:
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect-code = 307
url.redirect = (".*" => "https://%0$0")
}
}
$HTTP["scheme"] == "https" {
$HTTP["host"] == "git.server.de" {
index-file.names = ( "cgit.cgi" )
cgi.assign = ( "cgit.cgi" => "" )
url.rewrite-once = (
"^/robots.txt" => "/robots.txt",
"^/\.well-known(.+)" => "/.well-known$1",
"^/cgit\.(css|png)" => "$0",
"^/.+" => "/cgit.cgi$0"
)
}
}
Seems to work ...
RE: Redirections for cgit and http to https - Added by gstrauss about 4 years ago
Thanks for the update.
Yes, you are correct that mod_rewrite rules are applied before mod_redirect, no matter the module order.
mod_rewrite rules are applied in an earlier hook in request processing than are mod_redirect rules.
I like your solution. Thanks!