Hi,
I have our 3.0.20 octopus server setup to force https and the redirect is turned on.
Another forum post implies that this should work for GET operations, however when our users try to access the server from IE or Firefox the get a 400 Bad Request response.
{
"ErrorMessage": "There was a problem with your request.",
"Errors": [
"HTTPS is required for this request"
]
}
Hi Sean,
Thanks for getting in touch. Have you run through this already? http://docs.octopusdeploy.com/display/OD/Expose+the+Octopus+web+portal+over+HTTPS.
I’m going to assume you have, so I’d like to confirm some details with you so I can help out best:
I’ve run through this setup with Octopus 3.0.20 using a self-signed certificate (using the Octopus Manager) and I’ve tested in Chrome and IE 11 - both get the expected 304 Response redirecting to the HTTPS endpoint.
The setup script I get using the Octopus Manager is:
"netsh.exe" http delete sslcert ipport=0.0.0.0:443
"netsh.exe" http add sslcert ipport=0.0.0.0:443 appid={E2096A4C-2391-4BE1-9F17-E353F930E7F1} certhash=5D92983CC847116462533770432E8E57C35180BC certstorename=My
"c:\dev\OctopusDeploy\source\Octopus.Server\bin\Octopus.Server.exe" configure --instance "master" --webForceSSL "True"
"c:\dev\OctopusDeploy\source\Octopus.Server\bin\Octopus.Server.exe" configure --instance "master" --webListenPrefixes "http://localhost:8065/,https://localhost/"
"c:\dev\OctopusDeploy\source\Octopus.Server\bin\Octopus.Server.exe" service --instance "master" --stop --start
Hope this helps.
Mike
Hi Michael,
I have followed those instructions and I was able to select the cert etc. If I go back in now and just generate a script with the current settings I get
"C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" configure --instance "OctopusServer" --webForceSSL "True"
"C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" configure --instance "OctopusServer" --webListenPrefixes "http://localhost/,https://localhost/"
"C:\Program Files\Octopus Deploy\Octopus\Octopus.Server.exe" service --instance "OctopusServer" --stop --start
Obviously the cert bit doesn’t get generated as it has already been done.
Hi Sean,
Thanks for getting back to me again. It looks like you’re holding it right for localhost.
I’m sorry for the barrage of questions, some I should have asked before:
https://octopus.mycompany.com or https://octopusserver.local etc? The reason I’m asking is because you’ve only got localhost listed in your script.Thanks for taking the time to work this through with me.
Mike
Hi Michael,
Sorry I have fixed it now I didn’t realise that I had to add a binding for every possible alias for the server.
Add all the combinations (localhost http/s, servername http/s, dnsalias http/s) has resolved the issue.
For reference I am on 3.0.20
Hi Sean,
Thanks for getting back to me. No need to apologise! I’m glad you got it working OK.
The bindings for Octopus work just like IIS bindings since they actually sit right on top of http.sys - and you do need to add bindings for each hostname in order to share ports with other processes.
Out of curiosity, how are you finding 3.0? I’ve been really enjoying it myself.
Happy Deployments!
Mike
Hey Michael,
After these few small install issues (mostly due to my poor understanding) it looks really good! I love the new styles. I noticed we can use C# as pre/deploy/post scripts now too which will be great.
We are in a “review” stage at the moment where our teams are just verifying that our variables processes etc all look correct then we will be upgrading our non production tentacles. Can’t wait!
Hi Sean,
That sounds great. The ScriptCS support is handy though I’m firmly in Stockholm Syndome with PowerShell… In case you run into it, we’re waiting on some interesting features in ScriptCS that will enable Script Packs to be loaded at runtime, instead of during bootstrapping.
Hope it all goes smoothly for you!
Mike