Replicant

Good point, I've also spotted that in the source tree, at vendor/replicant.

Would you care to look whether you can find http references at other places?

Paul, Would changing HTTP to HTTPS in https://redmine.replicant.us/settings fix it?

Denis.

Hi Paul,

Thanks for switching redmine Admin's protocol to https (as it ensures links generated by redmine, such as #XXX Issue links, [[Wikis Pages]], as well as URLs in outgoing emails, use https)

Aside from that, I suggest:

1. Amend the Homepage value

In https://redmine.replicant.us/projects/replicant/settings, change www.replicant.us to https://www.replicant.us/

2. Manually edit Issues, Wiki & Forum mentions of:

• http://redmine.replicant.us - 183 occurences
• http://www.replicant.us - 31 occurences

A quick way of doing this could be to put redmine in read-only (for the time necessary to perform the following steps), make a SQL dump of redmine's DB, switch all http references to https in the dump file, override the DB with the dump file, and restart redmine/Apache.

mysqldump -u redmine -p --opt --lock-tables=false redmine > redmine_dump_yyyymmdd.sql

# Edit the @redmine_dump.sql@, using vim for example,

vim redmine_dump_yyyymmdd.sql

   :%s/http:\/\/www.replicant.us/https:\/\/www.replicant.us/g
   :%s/http:\/\/redmine.replicant.us/https:\/\/redmine.replicant.us/g
   :wq

mysql -u root -p

    drop database redmine;
    CREATE DATABASE redmine CHARACTER SET utf8;
    CREATE USER 'redmine'@'localhost' IDENTIFIED BY 'password_used_by_redmine.replicant';
    GRANT ALL PRIVILEGES ON redmine.* TO 'redmine'@'localhost';
    flush privileges;
    exit

chmod 777 redmine_dump_yyyymmdd.sql  #(Optional step) ie. if mysql complains it can't import the .sql file

mysql -u root -p redmine < redmine_dump_yyyymmdd.sql

sudo service apache2 restart

3. Systematically redirect :80 to :443

I see redmine.replicant.us is hosted via Apache.

I don't know much Apache, as I always use nginx, but checking Apache's documentation, setting up such a redirect requires something like this:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName redmine.replicant.us
   Redirect permanent / https://redmine.replicant.us/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName redmine.replicant.us
   DocumentRoot /usr/local/apache2/htdocs/redmine
   SSLEngine On
# etc...
</VirtualHost>

If ever you consider switching replicant's redmine to nginx, I'd be glad to help - just let me know ;)

URLs in the Redmine settings are switched to https. URLs are also changed in the README and CONTRIBUTORS files in vedor/replicant and the manifest repo.

The wiki should now only use local links for references to redmine.replicant.us content (except on deprecated pages) and links to the website are https. I won't change issues and forum posts, because I won't change messages from users. We don't have access to the database anyway.

I mentioned systematically redirecting http to https in the OSUOSL ticket for the new cert.
It looks like the registration page is not redirected to https, only the login page. This is another reason that a systematical redirect is necessary.