Overview
| Artifact ID: | 02063414316bde860f6d2553023149c2ac3bfd1d |
|---|---|
| Ticket: | 0ffa37e70e885cfc5c86d2546e51480c83b819b0<br>There is currently no way to enforce 100% use of SSL |
| User & Date: | anonymous 2011-01-18 12:49:44 |
Changes
- comment changed to:
I'm noticing that there doesn't seem to be a configuration parameter or any reasonable way to enforce all communications to use SSL-secured HTTP in the Web interface. My current hosting setup is as follows:

<verbatim>
# /etc/xinetd.d/fossil-some-site
service fossil-some-site
{
    socket_type = stream
    type = UNLISTED
    wait = no
    disable = no
    user = root
    server = /opt/fossil/bin/fossil
    server_args = http /opt/fossil/repositories/some.site/fossil --notfound http://fossil.some.site/cgi-bin/fossil-list-repositories.cgi
    bind = fossil-some-site.fossil01.internal
    port = 8060
}
</verbatim>

<verbatim>
# /etc/httpd/vhosts.d/includes/fossil.some.site.conf
# Mostly standard Red Hat virtual host boilerplate elided.
ProxyPass /cgi-bin !
ProxyPass / http://fossil.some.site/
ProxyPassReverse /cgi-bin !
ProxyPassReverse / http://fossil.some.site/
</verbatim>

<verbatim>
# /etc/hosts
127.0.0.1 localhost.localdomain localhost fossil01.internal fossil01
127.0.0.101 fossil-some-site.fossil01.internal fossil.some.site
...
</verbatim>

I haven't explored using the CGI method of deployment yet, nor have I explored the possibility of contributing patches to make this functionality a reality. I also haven't explored whether or not this functionality already exists in a newer release, seeing as I am running a relatively ancient version of Fossil:

<verbatim>
fossil01% /opt/fossil/bin/fossil version
This is fossil version [d0753799e4] 2010-11-01 14:23:35 UTC
</verbatim>

My current workaround is just to interact with the software through the shell on the remote end (to set configuration parameters, manage users, etc.) and through the usual <tt>fossil update</tt>, <tt>fossil sync</tt>, et al. commands from my working copy, wherever it might be at the time. I would like to be able to use the Web interface running remotely however. :)
- foundin changed to: "d0753799e4"
- private_contact changed to: "972e8a5291f0b92e11083b9bfe832820d06d9b90"
- severity changed to: "Severe"
- status changed to: "Open"
- title changed to:
There is currently no way to enforce 100% use of SSL
- type changed to: "Code_Defect"