Hi,
I think we all liked tnt's proposal to just call it osmocom.org. Are we ready to make the redmine available as osmocom.org (and redirect www.osmocom.org, projects.osmocom.org to it)?
As first step of redirects I propose:
http://bb.osmocom.org/ -> http://osmocom.org/projects/baseband http://openbsc.osmocom.org/ -> http://osmocom.org/projects/openbsc http://tetra.osmocom.org/ -> http://osmocom.org/projects/tetra http://simtrace.osmocom.org/ -> http://osmocom.org/projects/simtrace http://security.osmocom.org/ -> http://osmocom.org/projects/security http://gmr.osmocom.org/ -> http://osmocom.org/projects/gmr http://sdr.osmocom.org/ -> http://osmocom.org/projects/sdr
any objections or corrections to that?
kind regards holger
Hi Holger,
On Fri, Mar 18, 2016 at 08:59:26PM +0100, Holger Freyther wrote:
I think we all liked tnt's proposal to just call it osmocom.org. Are we ready to make the redmine available as osmocom.org (and redirect www.osmocom.org, projects.osmocom.org to it)?
yes, and also yes for the redirects.
any objections or corrections to that?
none, please go ahead. Thanks a lot!
I wonder if it is worth to make the old wiki/issue trac databases (without the user password hashes!) publicly available, in case somebody has a need for old content.
On 18 Mar 2016, at 20:59, Holger Freyther holger@freyther.de wrote:
Hi,
any objections or corrections to that?
this is now in place and the old domains are now using X509 certs of letsencrypt.
holger
this is now in place and the old domains are now using X509 certs of letsencrypt.
Do you know if redmine supports going to HTTPS only (i.e. redir http to https). I changed the "protocol" to HTTPS in the admin panel but that had no effect afaict.
I would prefer to be HTTPS only and also have the session cookie have the "Secure" flag (so they're never sent over plain HTTP)
Cheers,
Sylvain
2016. márc. 27. dátummal, 16:30 időpontban Sylvain Munaut 246tnt@gmail.com írta:
Do you know if redmine supports going to HTTPS only (i.e. redir http to https). I changed the "protocol" to HTTPS in the admin panel but that had no effect afaict.
I think this should be done on nginx’s level. According to this test everything looks good, although HSTS could be introduced since it is not a hard thing to set up as far as I remember and it would improve the grade to A+ :): https://www.ssllabs.com/ssltest/analyze.html?d=osmocom.org&s=2a01%3a4f8%...
This blogpost, although quite old, offers a good list of things to look at: https://timtaubert.de/blog/2014/10/deploying-tls-the-hard-way/
I would prefer to be HTTPS only and also have the session cookie have the "Secure" flag (so they're never sent over plain HTTP)
Cheers, Domi
On 27 Mar 2016, at 16:30, Sylvain Munaut 246tnt@gmail.com wrote:
this is now in place and the old domains are now using X509 certs of letsencrypt.
Do you know if redmine supports going to HTTPS only (i.e. redir http to https). I changed the "protocol" to HTTPS in the admin panel but that had no effect afaict.
I don't know.
I would prefer to be HTTPS only and also have the session cookie have the "Secure" flag (so they're never sent over plain HTTP)
I added: proxy_set_header X-Forwarded-Ssl on;
to the nginx config in the hope that redmine makes use of that instead of the X-Forwarded-Proto. If it matters to you deeply we can make a general http -> https redirect.
holger
On 27 Mar 2016, at 18:40, Holger Freyther holger@freyther.de wrote:
to the nginx config in the hope that redmine makes use of that instead of the X-Forwarded-Proto. If it matters to you deeply we can make a general http -> https redirect.
ah lol... http://www.redmine.org/projects/redmine/wiki/RedmineSettings#Protocol says it is for http vs. https in email notifications. :}
baseband-devel@lists.osmocom.org
-
Harald Welte -
Holger Freyther -
Sylvain Munaut -
Tomcsányi Domonkos -
Tomcsányi, Domonkos