Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
When I set Encryption to Required, attempting to go to http://site:5080 should result in a redirect to https://site:5443
Instead it sends you to https://site:5080 which fails with error "SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)"
Directly going to https://site:5443 works just fine. I can't figure out why the redirect is not including the ssl port. Maybe because of the non-standard ports?
Comments
Comment #1
joshrabinowitz CreditAttribution: joshrabinowitz commentedAny update on this issue?
Comment #2
anarcat CreditAttribution: anarcat commentedHow on earth is Aegir supposed to figure out how to translate from one non-standard port to another non-standard port?
Comment #3
ergonlogicIn Provision_Service_http_public::config_data(), we have:
And in Provision_Service_http_ssl::config_data(), we have:
Should we perhaps be adding the port to the $data['redirect_url'] in the latter case?
Or perhaps this should be handled a little differently in the vhost templates. In http/Provision/Config/Apache/Ssl/vhost_ssl.tpl.php, we specify the SSL port:
>
?>
But we don't handle redirects there. That's done in http/Provision/Config/Apache/vhost.tpl.php, which is included at the bottom of the ssl vhost template:
Presumably we should be adding the https port here somewhere?
Comment #4
ergonlogicNo patch yet, but a proposed solution. So I'm setting to 'needs review'.
Comment #5
anarcat CreditAttribution: anarcat commentedI think the redirect works fine if you use standard ports. If you use non-standard ports, there's no way to guess which ports to use for SSL, unless the original post meant we should just add 363 (443-80) to the existing non-standard port, which seems a bit silly to me....
Use standard ports, it's good for you.
Comment #6
ergonlogicWe save both the public and ssl ports in the server though. So, if those are configured to use non-standard ports, we should be able to retrieve it from there.
Comment #7
ergonlogicComment #8
izmeez CreditAttribution: izmeez commentedIs there some security or other advantage to have ssl on non-standard ports?
Overall it sounds logical to support any port being used and if it can be done simply it might improve the code factoring even if it isn't used much.
Comment #9
helmo CreditAttribution: helmo at Initfour websolutions commentedComment #10
colanIs this still a problem in Aegir HTTPS?