After enabling the HTTPS role, the server strangely redirects all requests to the HTTPS port from https to http and displays a 400 error.
Steps to reproduce (after setting up a clean vagrant box per the instructions here with no roles enabled):
- Follow the guide here by generating a root and intermediate certificate.
- Create a CSR using these instructions.
- In the configuration file for the intermediate folder place the code below under server_cert but before crl_ext:
    subjectAltName = @alt_names
    [alt_names]
    DNS.1 = *.wiki.local.wmftest.net
    DNS.2 = wiki.local.wmftest.net
where local.wmftest.net is the value of mwv::tld, role::mediawiki::hostname and mediawiki::multiwiki::base_domain in vagrant hiera configuration (puppet/hieradata/common.yaml).
- Sign the client CSR by following the signing instructions here.
- Remove any AES256 encryption on the private key file using openssl (openssl rsa -in /root/ca/intermediate/private/www.example.com.key.pem -out /root/ca/intermediate/private/devwiki.key).
- Copy the key from /root/ca/intermediate/private/devwiki.key and the .pem file from intermediate/certs/www.example.com.cert.pem into your vagrant directory on the host PC.
- Use vagrant ssh to enter the vagrant box
- Use the sudo mv command to move devwiki.key to /etc/ssl/certs/devwiki.key and www.example.com.cert.pem to /etc/ssl/certs/devwiki.pem
- Delete/remove lines 3-12 from puppet/modules/role/manifests/https.pp or create a custom role with those lines removed
- Enable the https/custom role you made and execute vagrant provision.
Expected outcome: When I connect to my box using the HTTPS port, nginx serves me the HTTPS version of the site (if I import the root and intermediate to their relevant trust stores).
Actual outcome: I automatically get redirected to HTTP by nginx using a 301 redirect. I can manually replace http with https; however, that is an inconvenience.
I can confirm that I have tested this redirect error on Chrome Version 67.0.3396.99 and Firefox Version 61.0.1.
A screenshot of the network log from the Chrome browser is included below for your reference.
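A way to check an exported network log for the redirect described under "Actual outcome", as an added example that is not part of the original report: it flags any 3xx response that moves an https request to an http URL and records whether the target is the same host and port as the TLS listener. The function names, the log entries and port 8443 are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_CODES = (301, 302, 303, 307, 308)


def effective_port(parts):
    """Explicit port if present, otherwise the scheme default."""
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


def find_downgrades(entries):
    """Return one finding per redirect that moves an https request to http.

    entries: iterable of (request_url, status, location_header_or_None).
    """
    findings = []
    for url, status, location in entries:
        if status not in REDIRECT_CODES or not location:
            continue
        src = urlsplit(url)
        # Location may be relative; resolve it against the request URL.
        dst = urlsplit(urljoin(url, location))
        if src.scheme == "https" and dst.scheme == "http":
            findings.append({
                "from": url,
                "to": dst.geturl(),
                "status": status,
                # True when the plain-HTTP follow-up request would be sent
                # to the same host and port that is serving TLS.
                "same_listener": src.hostname == dst.hostname
                and effective_port(src) == effective_port(dst),
            })
    return findings


# Constructed sample log; the hostname is taken from the report's SAN list,
# port 8443 is a placeholder for the forwarded HTTPS port.
SAMPLE_LOG = [
    ("https://wiki.local.wmftest.net:8443/", 301,
     "http://wiki.local.wmftest.net:8443/wiki/Main_Page"),
    ("http://wiki.local.wmftest.net:8443/wiki/Main_Page", 400, None),
    ("https://wiki.local.wmftest.net:8443/w/load.php", 200, None),
    ("https://wiki.local.wmftest.net:8443/old", 302, "/new"),
]

if __name__ == "__main__":
    for finding in find_downgrades(SAMPLE_LOG):
        print(finding)
```

A finding with `same_listener` set to true matches the pattern in the report: the 301 keeps the HTTPS port but switches the scheme to http.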