I need to use HTTPS for login into MAAS web interface. But when I goto https:// ip-of-maas /MAAS/, it redirects you to http:// ip-of-maas /MAAS/accounts/login/?next=%2FMAAS%2F which makes HTTPS useless as password will be transported in plain text. I also tried it by following steps given in documentation for supporting SSL which basically asks you to run this command:
maas-region-admin local_config_set --maas-url="https://localhost:5240/MAAS"
I also tried updating maas_url with https in /etc/maas/clusterd.conf but still the behavior is same.
I need to disable web access to MAAS through HTTP. So I have used apache module rewrite for redirecting all HTTP requests to HTTPS which overcomes this behavior:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REMOTE_ADDR} !^10\.10\..*$
RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,NE,L]
This basically redirects all HTTP requests from subnet different from 10.10.0.0/16 to HTTPS.
Shouldn't MAAS automatically redirect you to HTTPS url once you land on https:// ip-of-maas /MAAS/. Am I missing any configuration ?
Is this a bug that I should raise on launchpad ?
