On 27 Mar 2016, at 16:30, Sylvain Munaut
<246tnt(a)gmail.com> wrote:
this is now in place and the old domains are now
using X509 certs of letsencrypt.
Do you know if redmine supports going to HTTPS only (i.e. redir http
to https). I changed the "protocol" to HTTPS in the admin panel but
that had no effect afaict.
I don't know.
I would prefer to be HTTPS only and also have the
session cookie have
the "Secure" flag (so they're never sent over plain HTTP)
I added:
proxy_set_header X-Forwarded-Ssl on;
to the nginx config in the hope that redmine makes use of that instead of the
X-Forwarded-Proto. If it matters to you deeply we can make a general http -> https
redirect.
holger