KBEC-00100 - Changing the web server communication protocol

Article ID:360033194231
1 minute readKnowledge base

Description

By default, communication between the web browser and web server is secured using HTTPS. On internal networks, you can turn off the overhead of https by disabling the SSL communications between the web browser and the web server. Similarly, communication between the web server and the CloudBees CD (CloudBees Flow) server is also secured using HTTPS, and this can also be disabled.

Solution

Use the following steps to disable use of HTTPS between the web browser and the web server:

  • In the Apache conf directory on the web server, edit the file named httpd.conf
    Find and comment out (using the # mark) the two lines that look like

      #RewriteCond %{HTTPS} !=on
      #RewriteRule ^/commander/(.*) https://%{SERVER_NAME}:443%{REQUEST_URI} [NC,R,L]
  • In the same directory, edit the file named php.ini
    Change the following line to have a value of 0 (the default value is 1)

      session.cookie_secure = 0
  • Restart the web server (Apache).

Use the following steps to disable use of HTTPS between the web server and the CloudBees CD (CloudBees Flow) server:

  • In apache/htdocs/commander/config.php on the web server, add the lines shown below:

      $config["serverProto"] = "http";
      $config["httpPort"] = 8000;
  • Restart the web server (Apache).

Limitations

  1. This change exposes user login passwords in communications between the web browser and the web server.