RT3 under https - Ticket create button uses http and not https

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good evening,

I just installed a new version of RT 3.6.3 from source on a new CentOS 5
system. I’ve set everything up so it runs under https rather than http.
(conf.d/rt.conf included below). Configuration of the system and
creation of users, groups, and queues worked correctly.

I tried to create a new ticket and received the following error

"Bad Request

Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: *https://rt.us.com/* <https://rt.netcerto.com/>

Apache/2.2.3 (CentOS) Server at rt.us.com Port 443"

The Create button on the new ticket page is only button or link that
I’ve used so far in setting up and using RT3 that didn’t use SSL correctly.

WebBaseURL is set to:

Set($WebBaseURL , “https://rt.us.com:$WebPort”);

though I tried it without the $WebPort as well.

Any pointers or suggestions would be most welcome.

  • -David

/etc/httpd/conf.d/rt.conf:

ServerName rt.us.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

Rewrite added to try and fix http → https problem without success

RewriteEngine On
RewriteCond   %{SERVER_PORT}  !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8

PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl


<Location />
 SetHandler perl-script
 PerlHandler RT::Mason
</Location>

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1

wj8DBQFGi0fJBB3D6kCa6qsRAu5MAKC6YOBtSSb1HGDG/QTg0+qmSmIVwgCgqUJW
a9kr5UBlJYw64UcXq2qGbBY=
=i7CG
-----END PGP SIGNATURE-----

Hey David,

I’ve run into a similar problem, and I think this has shown up on the
list before as well. Here is what I did to fix this:

In the file /usr/lib/perl/vendor_perl/5.8.8/RT (your location may be
slightly different), around line 194:

if ($uri->host  eq $server_uri->host &
    $uri->port eq $server_uri->port) {
        $uri->host($ENV{'HTTP_HOST'});
        # $uri->port($ENV{'SERVER_PORT'});
}

make sure that

$uri->port($ENV{‘SERVER_PORT’});

is commented out.

You will likely need to start apache for this to take effect.

Everyone else:

Since this is not the first time this problem has come up, is this
expected behavior? Am I doing some wrong, have an invalid setting in my
configuration or a goofy setup somehow? Also what exactly is that
segment of code doing?

Thanks,

.r’

David Kovar wrote:

Good evening,

I just installed a new version of RT 3.6.3 from source on a new CentOS 5
system. I’ve set everything up so it runs under https rather than http.
(conf.d/rt.conf included below). Configuration of the system and
creation of users, groups, and queues worked correctly.

I tried to create a new ticket and received the following error

"Bad Request

Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: *https://rt.us.com/* <https://rt.netcerto.com/>

Apache/2.2.3 (CentOS) Server at rt.us.com Port 443"

The Create button on the new ticket page is only button or link that
I’ve used so far in setting up and using RT3 that didn’t use SSL
correctly.

WebBaseURL is set to:

Set($WebBaseURL , “https://rt.us.com:$WebPort”);

though I tried it without the $WebPort as well.

Any pointers or suggestions would be most welcome.

-David

/etc/httpd/conf.d/rt.conf:

ServerName rt.us.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

Rewrite added to try and fix http → https problem without success

RewriteEngine On
RewriteCond   %{SERVER_PORT}  !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8

PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl


<Location />
 SetHandler perl-script
 PerlHandler RT::Mason
</Location>

http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Greetings,

I couldn’t find the code Robert mentioned anywhere in /usr/lib/perl but
it does appear in ./lib/RT/Interface/Web.pm in 3.6.3 and 3.6.4.

I changed that file appropriately and the problem was resolved.

Thank you very much.

  • -David

Robert Long wrote:

Hey David,

I’ve run into a similar problem, and I think this has shown up on the
list before as well. Here is what I did to fix this:

In the file /usr/lib/perl/vendor_perl/5.8.8/RT (your location may be
slightly different), around line 194:

if ($uri->host  eq $server_uri->host &
    $uri->port eq $server_uri->port) {
        $uri->host($ENV{'HTTP_HOST'});
        # $uri->port($ENV{'SERVER_PORT'});
}

make sure that

$uri->port($ENV{‘SERVER_PORT’});

is commented out.

You will likely need to start apache for this to take effect.

Everyone else:

Since this is not the first time this problem has come up, is this
expected behavior? Am I doing some wrong, have an invalid setting in my
configuration or a goofy setup somehow? Also what exactly is that
segment of code doing?

Thanks,

.r’

David Kovar wrote:

Good evening,

I just installed a new version of RT 3.6.3 from source on a new CentOS 5
system. I’ve set everything up so it runs under https rather than http.
(conf.d/rt.conf included below). Configuration of the system and
creation of users, groups, and queues worked correctly.

I tried to create a new ticket and received the following error

"Bad Request

Your browser sent a request that this server could not understand.
Reason: You’re speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

Hint: *https://rt.us.com/* <https://rt.netcerto.com/>

Apache/2.2.3 (CentOS) Server at rt.us.com Port 443"

The Create button on the new ticket page is only button or link that
I’ve used so far in setting up and using RT3 that didn’t use SSL
correctly.

WebBaseURL is set to:

Set($WebBaseURL , “https://rt.us.com:$WebPort”);

though I tried it without the $WebPort as well.

Any pointers or suggestions would be most welcome.

-David

/etc/httpd/conf.d/rt.conf:

ServerName rt.us.com
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

Rewrite added to try and fix http → https problem without success

RewriteEngine On
RewriteCond   %{SERVER_PORT}  !^443$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [L,R]

DocumentRoot /usr/local/rt3/share/html
AddDefaultCharset UTF-8

PerlModule Apache::DBI
PerlRequire /usr/local/rt3/bin/webmux.pl


<Location />
 SetHandler perl-script
 PerlHandler RT::Mason
</Location>

The rt-users Archives

Community help: http://wiki.bestpractical.com
Commercial support: sales@bestpractical.com

Discover RT’s hidden secrets with RT Essentials from O’Reilly Media.
Buy a copy at http://rtbook.bestpractical.com

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.2 (Build 2014)
Charset: ISO-8859-1

wj8DBQFGjW43BB3D6kCa6qsRAnFMAKDtYPzf+Ya6EFlzYgNwxN5isxxUTQCg1+Nt
Tk5/ffYyQLHtk8phDohdJ5E=
=N/bn
-----END PGP SIGNATURE-----