The following steps are used to enforce the HTTPS protocol.
Edit the following file:
The following steps are used to enforce the HTTPS protocol.
Edit the following file:
As root user
/etc/httpd/conf.d/$BACK_OFFICE_HOST.conf
Modify the content to have the following result:
<VirtualHost *:80>
ServerName $BACK_OFFICE_HOST
Header edit Set-Cookie "^(.+)$" "$1; secure"
Redirect permanent / https://$BACK_OFFICE_HOST
</VirtualHost>
<VirtualHost *:443>
ServerName $BACK_OFFICE_HOST
Header edit Set-Cookie "^(.+)$" "$1; secure"
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/cert/$GENERATED_CERTIFICATE.crt
SSLCertificateKeyFile /etc/httpd/ssl/keys/$GENERATED_KEYCERTIFICATE.key
DocumentRoot /var/www/html/bo-portal/
<Directory /var/www/html>
Options -Indexes
Order deny,allow
Allow from all
</Directory>
ProxyRequests Off
ProxyPass /bo-ws http://localhost:36080/bo-ws retry=0 ttl=60
AllowEncodedSlashes On
</VirtualHost>
When enabling X-Frame-Options (if necessary), ensure that the parameter is not set as "deny". For more information, consult X-Frame-Options official documentation.