an initial https connection might still end up as http on the backend. in that case we don't want to redirect

3 files changed, 13 insertions, 15 deletions

diff --git a/templates/vhosts/default.erb b/templates/vhosts/default.erb
index 5201406..2eab3d7 100644
--- a/templates/vhosts/default.erb
+++ b/templates/vhosts/default.erb
@@ -11,12 +11,12 @@ vhost_parts.each do |vhost_part| -%>
 
 <%= scope.function_template(['apache/vhosts/partials/logs.erb']) %>
 
-  <% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
+<% if run_mode.to_s =~ /(proxy\-|static\-)?itk/ -%>
   <IfModule mpm_itk_module>
       AssignUserId <%= run_uid+" "+run_gid %>
   </IfModule>
 
-  <% elsif run_mode.to_s == 'fcgid' && !(ssl_mode == 'force' && vhost_part == :normal) -%>
+<% elsif run_mode.to_s == 'fcgid' && !(ssl_mode == 'force' && vhost_part == :normal) -%>
   <IfModule mod_fcgid.c>
     SuexecUserGroup <%= run_uid+" "+run_gid %>
     FcgidMaxRequestsPerProcess 5000
@@ -24,16 +24,15 @@ vhost_parts.each do |vhost_part| -%>
     AddHandler fcgid-script .<%= passing_extension %>
   </IfModule>
 
-  <% end -%>
-  <% if ssl_mode == 'force' && vhost_part == :normal -%>
+<% end -%>
+<% if ssl_mode == 'force' && vhost_part == :normal -%>
   RewriteEngine On
   RewriteCond %{HTTPS} !=on
   RewriteCond %{HTTP:X-Forwarded-Proto} !=https
   RewriteRule (.*) https://%{SERVER_NAME}$1 [R=permanent,L]
-  <% else -%>
+<% end -%>
 <%= scope.function_templatewlv([template_partial, {'vhost_part' => vhost_part } ]) %>
-  <% end -%>
-<%- unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%>
+<% unless template_partial == 'apache/vhosts/itk_plus/partial.erb' -%>
 <%= scope.function_template(['apache/vhosts/partials/mod_security.erb']) %>
 <% end -%>
 <% unless additional_options.to_s == 'absent' -%>
diff --git a/templates/vhosts/gitweb/partial.erb b/templates/vhosts/gitweb/partial.erb
index 7238ebe..c04f1c3 100644
--- a/templates/vhosts/gitweb/partial.erb
+++ b/templates/vhosts/gitweb/partial.erb
@@ -1,10 +1,9 @@
-    <% unless ssl_mode.to_s == 'force' -%>
     SetEnv GITWEB_CONFIG <%= gitweb_config %>
     DirectoryIndex gitweb.cgi
     <Directory "<%= documentroot %>/">
-        <% if options.to_s != 'absent' or do_includes.to_s == 'true'-%>
+<% if options.to_s != 'absent' || do_includes.to_s == 'true'-%>
         Options <% unless options.to_s == 'absent' -%><%= options %><% end -%><% if do_includes.to_s == 'true' && !options.include?('+Includes') -%> +Includes<% end -%><% unless options.include?('+ExecCGI') -%> +ExecCGI<% end -%>
-        <% end -%>
+<% end -%>
 
         AddHandler cgi-script .cgi
         <Files gitweb.cgi>
@@ -16,4 +15,3 @@
 
 <%= scope.function_template(['apache/vhosts/partials/authentication.erb']) %>
     </Directory>
-    <% end -%>
diff --git a/templates/vhosts/php_silverstripe/partial.erb b/templates/vhosts/php_silverstripe/partial.erb
index 89a6052..9ff32db 100644
--- a/templates/vhosts/php_silverstripe/partial.erb
+++ b/templates/vhosts/php_silverstripe/partial.erb
@@ -1,9 +1,10 @@
-<% if vhost_part != :ssl && ![false,'false'].include?(ssl_mode) -%>
     # silverstripe
-    RedirectMatch /admin(.*) https://<%= servername %>/admin$1
-    RedirectMatch /Security(.*) https://<%= servername %>/Security$1
+    RewriteEngine On
+    RewriteCond %{HTTPS} !=on
+    RewriteCond %{HTTP:X-Forwarded-Proto} !=https
+    RewriteRule /admin(.*) https://<%= servername %>/admin$1 [L,R,NE]
+    RewriteRule /Security(.*) https://<%= servername %>/Security$1 [L,R,NE]
 
-<% end -%>
     <Directory "<%= documentroot %>/">
 
 <%= scope.function_template(['apache/vhosts/partials/std_override_options.erb']) %>