Say you have a default index.html at your web root that you want to be available via http or https, so anyone can get to it. But you have a mediawiki installation that you don’t want accessible unencrypted. So you’re going to redirect all http requests to the wiki over to https:443 and, while you’re at it, you don’t want “wiki” or “w” (or whatever base directory you’re using) to show up in the URL at all.
I’ve read in a bunch of places that you can’t use $HTTP["scheme"] to redirect unencrypted http:80 traffic to encrypted https:443 without two or three levels of nesting using “socket” and/or “host”. But that’s just not true. The only reason it doesn’t seem to work right off the bat is that =~ is a regular-expression match, so the string “http” also matches “https”. Unless you get more specific and end the string with a dollar sign, you get a looping redirect, with the https request redirecting to itself.
var.servername = "myserver.mydomain.com"
# "http$" is anchored at the end, so it matches http but not https
$HTTP["scheme"] =~ "http$" {
    url.redirect = ( "^/wiki/(.*)" => "https://" + servername + "/$1" )
}
You also end up with a cleaner URL. Instead of http://myserver/wiki/index.php you end up with https://myserver/index.php
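To check a rule set for loops before restarting the server, here is a small offline model of the scheme match and url.redirect. It is an added example, not part of the original post and not lighttpd code. SITE_RULES is a constructed whole-site rule that keeps the path (an assumption that goes beyond the page's /wiki/ rule), and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

HOST = "myserver.mydomain.com"  # the page's example server name
# Constructed whole-site rule (assumption; not the page's /wiki/ rule).
SITE_RULES = [(r"^/(.*)", "https://" + HOST + "/$1")]
# The page's rule: strip the /wiki/ prefix while switching to https.
WIKI_RULES = [(r"^/wiki/(.*)", "https://" + HOST + "/$1")]

def apply_redirect(url, scheme_pattern, rules):
    """Return the redirect target for url, or None if no rule fires."""
    parts = urlsplit(url)
    # =~ is an unanchored regex search, so "http" also matches "https".
    if not re.search(scheme_pattern, parts.scheme):
        return None
    for pattern, target in rules:
        m = re.search(pattern, parts.path)
        if m:
            # Substitute $1..$9 with the captured groups.
            return re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), target)
    return None

def follow(url, scheme_pattern, rules, max_hops=5):
    """Follow redirects; return (chain, looped)."""
    chain = [url]
    while len(chain) <= max_hops:
        nxt = apply_redirect(chain[-1], scheme_pattern, rules)
        if nxt is None:
            return chain, False          # request is served, no more redirects
        if nxt in chain:
            return chain + [nxt], True   # same URL again: redirect loop
        chain.append(nxt)
    return chain, True                   # hop limit hit, treat as a loop

if __name__ == "__main__":
    start = "http://" + HOST + "/index.php"
    for pat in ("http", "http$"):
        chain, looped = follow(start, pat, SITE_RULES)
        print(pat, "LOOP" if looped else "ok", " -> ".join(chain))
    print(follow("http://" + HOST + "/wiki/index.php", "http$", WIKI_RULES))
```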
And if you haven’t set it up yet, here’s what you’ll need to get SSL working so that lighty’s listening for that redirect.
$SERVER["socket"] == "192.168.1.2:443" {
    server.document-root = "/var/www/lighttpd/wiki"
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/server.pem"
}
Don’t forget to put your server.pem SSL cert in that pemfile directory and change wiki to w or whatever your wiki root is. I also had to change $wgScriptPath to null in the wiki’s LocalSettings.php, otherwise it would always look for “/wiki”.
Make sure “mod_redirect” is enabled in lighttpd.conf, restart the service and you’re done.
That’s what you get if you use the Fedora repositories to install mediawiki. Just change the server.document-root from “/var/www/lighttpd/wiki” and that should work.
You could also move the mediawiki directory under your normal server root, but then you might have to edit the config file to change the base, I don’t remember… but you’ll break your upgrade path in the future (if you plan on using yum to maintain it).
Any reason as to why this method is not keeping the certificate loaded while on my website?
I load my website with: https://MY.IP.ADDRESS.HERE, I allow the certificate, it loads the page fine, but then Firefox reads as if there is no certificate (not lit up blue like usual HTTPS sites).
Any ideas?
What if the Wiki is installed in /usr/share/mediawiki like mine? Does this still work?