Dokuwiki SSL Login rewrite rules

dubstep · June 18, 2011, 8:16pm

Dear all,

I’m preparing a nginx configuration for Dokuwiki and it all works except
the following feature:

If a user logs in the protocol force-switches to https and back to plain
http after the login. So far, this has been realised with the apache2
rewrite rules which I stole from [1].

Can anybody, who is familiar with nginx rewrite rules translate these
apache2 rules to nginx? I’m sure many users would benefit from this.
Thank you very much in advance. I hope this is even possible with nginx
:S

[1] tips:httpslogin [DokuWiki]

unknown · June 20, 2011, 6:33pm

Okay, I started to translate the rule myself and after a bit of
experimentation I ended up with this. The aim is to force users to use
the https protocol for login and administration.

in context server:

if ($args ~ do=(login|admin|profile)){
rewrite ^ https://$server_name$uri redirect;
}

While this works for Opera, it doesn’t work for wget and Firefox:
There’s obviously a redirection loop going on:

% wget --no-check-certificate http://xvt.localhost/start\?do=login
–2011-06-20 18:25:57-- http://xvt.localhost/start?do=login
Resolving xvt.localhost… 127.0.1.1
Connecting to xvt.localhost|127.0.1.1|:80… connected.

HTTP request sent, awaiting response… 302 Moved Temporarily
Location: https://xvt.localhost/start?do=login [following]
–2011-06-20 18:25:57-- https://xvt.localhost/start?do=login
Connecting to xvt.localhost|127.0.1.1|:443… connected.

HTTP request sent, awaiting response… 302 Moved Temporarily
Location: https://xvt.localhost/start?do=login [following]
–2011-06-20 18:25:57-- https://xvt.localhost/start?do=login
Reusing existing connection to xvt.localhost:443.

[… and on and on… until finally ]

20 redirections exceeded.

In Firefox the message looks like this:
“Firefox has detected that the server is redirecting the request for
this address in a way that will never complete.”

Any ideas on this?

unknown · June 21, 2011, 4:19am

On 20 Jun 2011 17h33 WEST, [email protected] wrote:

Okay, I started to translate the rule myself and after a bit of
experimentation I ended up with this. The aim is to force users to
use the https protocol for login and administration.

What is written on the wiki page you referred:

http://www.dokuwiki.org/tips:httpslogin?s

below the Apache mod_rewrite rules should do the trick. You can
replace the conditions for the query string args by:

On the http server block.

if ($arg_do ~* (?:log|admin|profile)) {
rewrite ^ https://$host$request_uri? redirect;
}

On the https server block.

if ($arg_do = show) {
rewrite ^ http://$host$request_uri? redirect;
}

if ($arg_do = “”) {
rewrite ^ http://$host$request_uri? redirect;
}

— appa

unknown · June 21, 2011, 2:57pm

Yes, with the help from people on nginx (thanks again kolbyjack), I was
able to get it to run, so I already added the working configuration
snippet to the Dokuwiki [1]

I hope I didn’t cause you too much work, Antnio P. P. Almeida.

nginx is great software and I’m very happy now. The only drawback is
that it doesn’t fully support WebDAV (git-http-push not working) but
that is another topic. Thanks for you help, all!

[1] tips:httpslogin [DokuWiki]