Apache HTTPS Back Office Configuration - Fluid Topics - 3.9 - Reference Guides

Fluid Topics Integration Guide

Product
Fluid Topics
Fluid Topics Version
3.9
Operating System
RHEL
Category
Reference Guides
Language
English
Target Audience
public

The following steps are used to enforce the HTTPS protocol.

Edit the following file:

As root user

/etc/httpd/conf.d/$BACK_OFFICE_HOST.conf

Modify the content to have the following result:

<VirtualHost *:80>
ServerName $BACK_OFFICE_HOST
Header edit Set-Cookie "^(.+)$" "$1; secure"
Redirect permanent / https://$BACK_OFFICE_HOST
</VirtualHost>

<VirtualHost *:443>
ServerName $BACK_OFFICE_HOST
Header edit Set-Cookie "^(.+)$" "$1; secure"

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/cert/$GENERATED_CERTIFICATE.crt
SSLCertificateKeyFile /etc/httpd/ssl/keys/$GENERATED_KEYCERTIFICATE.key

DocumentRoot /var/www/html/bo-portal/
<Directory /var/www/html>
Options -Indexes
Order deny,allow
Allow from all
</Directory>
ProxyRequests Off
ProxyPass /bo-ws http://localhost:36080/bo-ws retry=0 ttl=60
AllowEncodedSlashes On
</VirtualHost>

When enabling X-Frame-Options (if necessary), ensure that the parameter is not set as "deny". For more information, consult X-Frame-Options official documentation.