Dokuwiki SSL Login rewrite rules

Tue Jun 21 16:57:04 MSD 2011

Yes, with the help from people on #nginx (thanks again kolbyjack), I was 
able to get it to run, so I already added the working configuration 
snippet to the Dokuwiki [1]

I hope I didn't cause you too much work, António P. P. Almeida.

nginx is great software and I'm very happy now. The only drawback is 
that it doesn't fully support WebDAV (git-http-push not working) but 
that is another topic. Thanks for you help, all!

[1] http://www.dokuwiki.org/tips:httpslogin#nginx

On 21.06.2011 04:18, António P. P. Almeida wrote:
> On 20 Jun 2011 17h33 WEST, lenz at vfemail.net wrote:
>
>> Okay, I started to translate the rule myself and after a bit of
>> experimentation I ended up with this. The aim is to force users to
>> use the https protocol for login and administration.
>
> What is written on the wiki page you referred:
>
> http://www.dokuwiki.org/tips:httpslogin?s
>
> below the Apache mod_rewrite rules should do the trick. You can
> replace the conditions for the query string args by:
>
>
> ## On the http server block.
> if ($arg_do ~* (?:log|admin|profile)) {
>    rewrite ^ https://$host$request_uri? redirect;
> }
>
>
> ## On the https server block.
> if ($arg_do = show) {
>    rewrite ^ http://$host$request_uri? redirect;
> }
>
> if ($arg_do = "") {
>    rewrite ^ http://$host$request_uri? redirect;
> }
>
> --- appa
>
>
>
>
>> # in context server:
>> if ($args ~ do=(login|admin|profile)){
>> rewrite ^ https://$server_name$uri redirect;
>> }
>>
>> While this works for Opera, it doesn't work for wget and Firefox:
>> There's obviously a redirection loop going on:
>>
>> % wget --no-check-certificate http://xvt.localhost/start\?do=login
>> --2011-06-20 18:25:57--  http://xvt.localhost/start?do=login
>> Resolving xvt.localhost... 127.0.1.1
>> Connecting to xvt.localhost|127.0.1.1|:80... connected.
>>
>> HTTP request sent, awaiting response... 302 Moved Temporarily
>> Location: https://xvt.localhost/start?do=login [following]
>> --2011-06-20 18:25:57--  https://xvt.localhost/start?do=login
>> Connecting to xvt.localhost|127.0.1.1|:443... connected.
>>
>> HTTP request sent, awaiting response... 302 Moved Temporarily
>> Location: https://xvt.localhost/start?do=login [following]
>> --2011-06-20 18:25:57--  https://xvt.localhost/start?do=login
>> Reusing existing connection to xvt.localhost:443.
>>
>> [... and on and on... until finally ]
>>
>> 20 redirections exceeded.
>>
>> In Firefox the message looks like this: "Firefox has detected that
>> the server is redirecting the request for this address in a way that
>> will never complete."
>>
>> Any ideas on this?
>>
>> On 18.06.2011 20:15, lenz at vfemail.net wrote:
>>> Dear all,
>>>
>>> I'm preparing a nginx configuration for Dokuwiki and it all works
>>> except the following feature:
>>>
>>> If a user logs in the protocol force-switches to https and back to
>>> plain http after the login. So far, this has been realised with the
>>> apache2 rewrite rules which I stole from [1].
>>>
>>> Can anybody, who is familiar with nginx rewrite rules translate
>>> these apache2 rules to nginx? I'm sure many users would benefit
>>> from this.  Thank you very much in advance. I hope this is even
>>> possible with nginx :S
>>>
>>> [1] http://www.dokuwiki.org/tips:httpslogin?s[]=ssl&s[]=rewrite
>>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>