Express Plus: How should we go about redirecting http to https?


(Paul) #1

Can login credentials to openemr be compromised via http since no encryption occurs?

If so, should we redirect http on the webserver to https?

It also seems that port 80 is necessary for ssl updates…so any advice greatly appreciated.


(Asher Densmore-Lynn) #2

You’re certainly welcome to redirect – adjust the httpd.conf in the OpenEMR container and restart as you require, adding your certificates (if necessary) and your SSL certificates.


(Dan Ehrlich) #3

Paul:

Later today I will post the exact code you need to do this and the instructions on how to edit the files.

In future versions of OpenEMR, we are going to put this code in by default, but commented out.

Then all you’ll need to do is uncomment it (remove the hash character at the beginning of a few lines) and you’ll be good to go.


(Paul) #4

Not sure what the inference is in the last reply but…its just an honest question.

I admit, im not so savvy with docker and getting into the containers to do command line work.

I hope all is well though, I have figured out before how to redirect http to https. The only thing holding me back is that I have to figure out how to get a command line working in the container to edit the config file.