4

I have a Hudson/Jenkins installation which runs on port 443, so I can access it with https://ci.mydomain.com. I do not have a webserver running on port 80 like Apache Httpd, but I want if a user types http://ci.mydomain.com it should be redirected to https://...

I tried it with iptables:

/sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 443
/sbin/iptables-save
chkconfig --level 35 iptables on

But the browser tells me, that the connection failed. So I do not want to install Apache webserver, I only want to have a redirect from http://ci.mydomain.com to https://ci.mydomain.com.

voretaq7
  • 79,345
  • 17
  • 128
  • 213
Tim
  • 600
  • 2
  • 8
  • 15
  • Okay I have to install sth. like Apache. And then, what is the best way to redirect? – Tim Jun 08 '11 at 15:59

6 Answers6

10

iptables IS NOT what you want here -- You are sending a browser that is expecting to talk plain-old HTTP (just boring ordinary text) to a server that is talking HTTPS (encrypted, and VERY confusing for your browser).

You want a 300-series Redirect issued by your web server to send the client to the appropriate https:// URL. If you are running Apache you can combine this with the SSLRequireSSL directive (Manual Entry) to ensure that your clients cannot access resources that should be encrypted over unencrypted channels.

voretaq7
  • 79,345
  • 17
  • 128
  • 213
5

HTTP and HTTPS are different application level protocols, so you can't just redirect on a transport level. You should set up Apache or Nginx or something on port 80 to perform a proper HTTP redirect using a Location header.

Alex
  • 7,789
  • 4
  • 36
  • 51
4

Setup a relatively blank VirtualHost listening on 80, which does nothing but

RewriteEngine On

RewriteRule (.*) https://foo.com$1

MrTuttle
  • 1,166
  • 5
  • 5
2

Going from http to https is more then just switching ports. These are two different protocols and your Hudson/Jenkins installation is looking for https and not http.

I don't know of a way to do what you want without installing something like Apache to listen on port 80.

Chris Ting
  • 899
  • 4
  • 5
1

You are probably at an impasse here as http & https are dissimilar enough where a simple port redirect is not going to work.

user48838
  • 7,393
  • 2
  • 17
  • 14
0

If this is a follow-up of this question, the problem is that you're trying to run Jenkins on a privileged port (<1024). You're mixing things up with port 80 and 443 in your question here.

Run Jenkins on port 8443 (which is usual for an unprivileged HTTPS port) and use iptables to redirect from/to 443 and 8443.

To redirect from http:// to https://, Apache and mod_rewrite is a good choice, as others have suggested. Alternatively, any tiny web server should be able to send a redirect (HTTP 301 or 302 status) with a Location header.

Bruno
  • 4,069
  • 1
  • 20
  • 37