Apache HTTPS back office configuration - Fluid Topics - 3.11

Fluid Topics Integration Guide

Operating system
RHEL
Category
Reference Guides
Audience
public
Version
3.11

The following steps are used to enforce the HTTPS protocol.

Edit the following file:

As root user

/etc/httpd/conf.d/$BACK_OFFICE_HOST.conf

Modify the content to have the following result:

<VirtualHost *:80>
ServerName $BACK_OFFICE_HOST
Header edit Set-Cookie "^(.+)$" "$1; secure"
Redirect permanent / https://$BACK_OFFICE_HOST
</VirtualHost>

<VirtualHost *:443>
ServerName $BACK_OFFICE_HOST
Header edit Set-Cookie "^(.+)$" "$1; secure"

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/cert/$GENERATED_CERTIFICATE.crt
SSLCertificateKeyFile /etc/httpd/ssl/keys/$GENERATED_KEYCERTIFICATE.key

DocumentRoot /var/www/html/bo-portal/
<Directory /var/www/html>
Options -Indexes
Order deny,allow
Allow from all
</Directory>
ProxyRequests Off
ProxyPass /bo-ws http://localhost:36080/bo-ws retry=0 ttl=60
AllowEncodedSlashes On
</VirtualHost>

When enabling X-Frame-Options (if necessary), ensure that the parameter is not set as "deny". For more information, consult X-Frame-Options official documentation.