[Koha-bugs] [Bug 21044] New: Error 400 'broken link' when enabling SSL from end to end

bugzilla-daemon at bugs.koha-community.org bugzilla-daemon at bugs.koha-community.org
Fri Jul 6 11:26:25 CEST 2018 

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=21044

            Bug ID: 21044
           Summary: Error 400 'broken link' when enabling SSL from end to
                    end
 Change sponsored?: ---
           Product: Koha
           Version: unspecified
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5 - low
         Component: Architecture, internals, and plumbing
          Assignee: koha-bugs at lists.koha-community.org
          Reporter: henri.jacob at univ-rennes1.fr
        QA Contact: testopia at bugs.koha-community.org

Our Koha services (v16.05) are hosted on a CentOS server behind a http
reverse-proxy (Apache) in mod_cgi mode.
We plan to offer SSL access "from end to end" to both staff and opac clients.
For this  purpose, we configured the Apache Koha server like this:

Apache configuration file /etc/httpd/conf.d/ssl.conf (with auto-certified
certificate):

       SSLEngine               on
       SSLProtocol             all -SSLv3
       SSLCipherSuite          ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-......
       SSLHonorCipherOrder     on
       SSLCompression          off
       SSLCertificateFile         
/etc/certificats/auto-signes/<koha-server>.crt
       SSLCertificateKeyFile      
/etc/certificats/auto-signes/<koha-server>.key

And the http reverse-proxy is configured like that :

<VirtualHost xxx.yyy.zzz.www:443>
    ServerName xxxxxxxx   
    Use SSL sssssss.univ-rennes1.fr  
    Include conf/SSLProxy-authentifie.conf
    SSLProxyCACertificateFile /etc/certificats/auto-signes/<koha-server>.crt
    ProxyPass / http://<koha-server>:8880/ min=0 max=100 smax=50 ttl=10
timeout=900
    ProxyPassReverse / http://<koha-server>:8880/
</VirtualHost>

Why do the 'broken link' error occur ? We have seen some hard-coded references
like 'http://localhost' and 'http://localhost:8080' .
Should we modify all these references to 'http://localhost' and
'https://localhost:8443' ?
Does-it works with an auto-certified certificate ?

We read these pages about this subject:
    Enabling SSL for Koha staff view :
https://lists.katipo.co.nz/public/koha/2011-May/029006.html
    Access Koha via SSL : 
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=5576

Thank you for any suggestion,

best regards,
Henri Jacob

-- 
You are receiving this mail because:
You are watching all bug changes.
You are the assignee for the bug.

More information about the Koha-bugs mailing list