Force SSL (HTTPS)


#1

I’ve got Quickbox up and running with a custom domain and configured ssl using letsencrypt. HTTPS is working great. I can access apps from links such as https://my.domain.com/sonarr. However, links to apps still work over http and do not force/redirect to https. How can I force all apps to be redirected so that, for example, http://my.domain.com/sonarr redirects to https://my.domains.com/sonarr?


#2

In your Sonarr apache config at /etc/apache2/sites-enabled/sonarr.conf could you add the following:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

So it will look like the following:

<Location /sonarr>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
ProxyPass http://localhost:8989/sonarr
ProxyPassReverse http://localhost:8989/sonarr
AuthType Digest
AuthName "rutorrent"
AuthUserFile '/etc/htpasswd'
Require user ${username}
</Location>

See if that works out the way you’d like. Otherwise, if you are using a free DNS such as Cloudflare, there is an option to force the rewrite on all links to https.


#3

Worked like a charm! Thank you so much for your help!


#4

I have done the same for Sonarr, but would it work for Plex and Rutorrent as well? When I try to access Plex now under https, it refuses. Rutorrent goes to http when accessed directly.


#5

I’m feeling like you’ve botched something on your system. For starters, ruTorrent by default with QuickBox goes by way of secured 443 or ssl. This is evident in your /etc/apache2/sites-enabled/aliases-seedbox.conf. There is additionally an .htaccess file in the /srv/rutorrent/ directory that handles the rewrites on the directory level. It has the following contents:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]

This is handling the rewrite to https.

For Plex, you will more than likely need to set up a subdomain for best practice. For instance, my-plex.domain.com. You can achieve this by using the following template. Replace the current plex.conf in your apache2/sites-enabled folder with this config… be sure to adjust accordingly.

ServerSignature Off
ServerTokens Prod

<VirtualHost *:80>
  ServerName plex.domain.com
  # This VirtualHost redirects everything to HTTPS on port 443.
  RewriteEngine On
  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</VirtualHost>

<VirtualHost *:443>
  ServerName plex.domain.com
  ServerAlias ""
  Options -Includes -ExecCGI

  RewriteEngine On
  RewriteCond %{THE_REQUEST} !HTTP/1.1$
  RewriteRule .* - [F]

  LimitRequestBody 512000
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/certs/plex.domain.com-ssl.pem
  SSLCertificateKeyFile /etc/apache2/ssl/certs/plex.domain.com-ssl.key
  SSLProtocol +TLSv1.2

  Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
  Header always set X-Frame-Options DENY
  FileETag None
  TraceEnable off
  #Header edit Set-Cookie ^(.*)$ ;HttpOnly;Secure
  Header set X-XSS-Protection "1; mode=block"
  Timeout 60

  <Location /:/websockets/notifications>
    ProxyPass wss://plex.domain.com:32400/:/websockets/notifications
    ProxyPassReverse wss://plex.domain.com:32400/:/websockets/notifications
  </Location>

  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>

  ProxyRequests Off
  ProxyPreserveHost On
  SSLProxyEngine On
  RequestHeader set Front-End-Https "On"
  ProxyPass / http://plex.domain.com:32400/
  ProxyPassReverse / http://plex.domain.com:32400/

  RewriteEngine on
  RewriteCond %{REQUEST_URI} !^/web
  RewriteCond %{HTTP:X-Plex-Device} ^$
  RewriteCond %{REQUEST_METHOD} !^(OPTIONS)$
  RewriteRule ^/$ /web/$1 [R,L]
</VirtualHost>

Make sure to install a certificate and adjust the SSLCertificate fields with the actual name of the ssl certificate. You can easily generate one for this subdomain by using box install letsencrypt.

If you get a failed notice in regard to headers, do a2enmod headers to activate them, then restart apache with service apache2 restart.

Also, please be courteous in the future and open a new topic. We’re lucky to reply to people commenting on solved topics.
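
One way to check the redirect rules and the Strict-Transport-Security header discussed in this thread, as an added example that is not part of any post: it audits response headers as printed by curl -sI. The function names, the 180-day max-age threshold and the sample header blocks are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed samples of `curl -sI` output; not captured from a real server.
HTTP_OK = "HTTP/1.1 302 Found\r\nLocation: https://my.domain.com/sonarr\r\n\r\n"
HTTP_BAD = "HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Digest realm=\"rutorrent\"\r\n\r\n"
HTTPS_OK = ("HTTP/1.1 200 OK\r\nStrict-Transport-Security: "
            "max-age=63072000; includeSubdomains; preload\r\n\r\n")

def parse_head(raw):
    """Split a raw header block into (status code, {lowercased name: value})."""
    lines = [l.strip() for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    fields = (l.partition(":") for l in lines[1:])
    return status, {n.strip().lower(): v.strip() for n, _, v in fields}

def audit_redirect(raw, expected_host, path):
    """Problems with the plain-HTTP response for `path` (empty list = fine)."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 307, 308):
        return [f"status {status}: answered over HTTP instead of redirecting"]
    target = urlsplit(headers.get("location", ""))
    problems = []
    if target.scheme != "https":
        problems.append("Location is not an https:// URL")
    if target.hostname != expected_host:
        # %{HTTP_HOST} is taken from the request's Host header, so compare
        # the redirect target against the name the site should use.
        problems.append(f"redirect host {target.hostname!r} != {expected_host!r}")
    if target.path != path:
        problems.append(f"redirect path {target.path!r} != {path!r}")
    return problems

def audit_hsts(raw, min_age=15552000):  # assumed threshold: 180 days
    """Problems with the HSTS header of an HTTPS response (empty list = fine)."""
    _, headers = parse_head(raw)
    value = headers.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header"]
    parts = [p.strip().lower() for p in value.split(";") if p.strip()]
    directives = dict(p.partition("=")[::2] for p in parts)
    age = directives.get("max-age", "").strip('"')
    if not age.isdigit() or int(age) < min_age:
        return [f"max-age missing or below {min_age}: {age!r}"]
    return []

if __name__ == "__main__":
    for raw in (HTTP_OK, HTTP_BAD):
        print(audit_redirect(raw, "my.domain.com", "/sonarr"))
    print(audit_hsts(HTTPS_OK))
```

To use it on a live server, pass the output of curl -sI for the http:// URL to audit_redirect and for the https:// URL to audit_hsts.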