[Solved] Enabling support for https

hasanen
Forum Members
Posts: 38
Joined: Tue Feb 15, 2011 8:44 am
Location: Helsinki, Finland

[Solved] Enabling support for https

Post by hasanen »

I purchased an SSL certificate for my site and got it working.

How should I configure CMSMS so that my admin panel doesn't break and users can browse my site either with or without https?

If I check the source of https://mydomain.com, all links are for http://mydomain.com and so is the URL in the base tag. Or is this a bug? Is there a way to modify those URLs so that there is only the path (like mydomain.com/my/fancy/page -> /my/fancy/page) in them?
Last edited by hasanen on Fri Jun 06, 2014 9:46 am, edited 1 time in total.
velden
Dev Team Member
Posts: 3304
Joined: Mon Nov 28, 2011 9:29 am
Location: The Netherlands

Re: Enabling support for https

Post by velden »

Read the PDF file that comes in the /doc directory of the CMSMS install. You probably need to configure this in config.php
hasanen

Re: Enabling support for https

Post by hasanen »

There is an option called ssl_url, but setting that doesn't change those URLs to start with https.

There is also an option for showing the base tag, but setting it to false doesn't remove the tag itself (seems to be a bug).

I'm using the latest version of CMSMS (forgot to mention that).

My Chrome seems to drop all http requests when using https, so the site itself and the admin panel aren't very usable.

Edit:

I think I could put the https URL as the root_url, but it doesn't solve the problem, which (for me) is that CMSMS doesn't allow using http/https together at the same time with an easy setup (actually, there shouldn't even be any setup for that if URLs were just paths).

Edit 2:
In that PDF it says that the option is "show_base", although line 32 in plugin.metadata.php checks against "showbase". After removing the underscore I got that base tag to disappear.
uniqu3

Re: Enabling support for https

Post by uniqu3 »

Regarding https, did you actually set content pages to SSL? The checkbox when editing a page under the Options tab?
As far as I remember the 'ssl_url' config relies on that.

If you want your complete website including backend to run in SSL then set root_url to https and redirect from default port 80 to SSL 443 in .htaccess.

Code:

# Redirect any request that did not arrive on port 443 to the same URL over https.
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
hasanen

Re: Enabling support for https

Post by hasanen »

uniqu3 wrote: Regarding https, did you actually set content pages to SSL? The checkbox when editing a page under the Options tab?
As far as I remember the 'ssl_url' config relies on that.

If you want your complete website including backend to run in SSL then set root_url to https and redirect from default port 80 to SSL 443 in .htaccess.

Code:

# Redirect any request that did not arrive on port 443 to the same URL over https.
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

No, I didn't. I'd like to offer users the possibility to choose which protocol to use, not force it (there is no form on the site - yet).

Thank you for that htaccess stuff, I'll keep it in mind.

I don't mean this as a rant or anything, I do appreciate all the ones who are working with CMSMS (core or modules). I just don't see that there is a point where CMSMS should be aware of the protocol used (excluding forcing https). I think that removing the protocol check could reduce a lot of code (at least in plugin.cms_stylesheet.php) and ease maintenance.

From your post (uniqu3), I understood that there is no way for the whole site to be browsable with http AND https at the same time. Am I correct? I haven't checked the code of the new 2.0 version, but I assume it works the same way. Perhaps I could create a feature request, find some time and offer a patch for it.
Jo Morg
Dev Team Member
Posts: 1802
Joined: Mon Jan 29, 2007 4:47 pm

Re: Enabling support for https

Post by Jo Morg »

hasanen wrote: From your post (uniqu3), I understood that there is no way for the whole site to be browsable with http AND https at the same time. Am I correct?
I didn't test it myself but I believe that it is possible and CMSMS deals with that easily. However, what I think that makes browsers stall is mixed protocols on the same request. It is a problem with the browsers, and not CMSMS, if that is the case. The most frequent solution (I think, I had to search for this a year or so ago...) is to avoid media/frames/etc... being called on a different protocol than that of the page request. Not sure if that is your case, but may be worthwhile investigating.
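The mixed-protocol situation discussed in the posts above can be checked mechanically. This is an added example, not part of the thread or of CMSMS: a Python scan that lists subresources which resolve to http:// when a page is loaded over https, including the effect of an http:// base tag. The sample HTML and its paths are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource (plain <a href> is navigation).
FETCH_ATTRS = {
    "script": "src", "img": "src", "iframe": "src", "frame": "src",
    "audio": "src", "video": "src", "source": "src", "embed": "src",
    "object": "data", "link": "href",
}

class MixedContentFinder(HTMLParser):
    """Collect subresource URLs that resolve to http:// for a given page URL."""
    def __init__(self, page_url):
        super().__init__()
        self.base = page_url   # replaced if the page carries <base href>
        self.findings = []     # list of (tag, resolved_url)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base" and attrs.get("href"):
            # An absolute http:// base turns every relative URL after it into http.
            self.base = urljoin(self.base, attrs["href"])
            return
        attr = FETCH_ATTRS.get(tag)
        value = attrs.get(attr) if attr else None
        if not value:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        resolved = urljoin(self.base, value)
        if urlsplit(resolved).scheme == "http":
            self.findings.append((tag, resolved))

def find_mixed_content(page_url, html):
    if urlsplit(page_url).scheme != "https":
        return []              # mixed content only exists on https pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    return finder.findings

# Constructed sample: an https page whose CMS emitted an http:// base tag.
SAMPLE = """<html><head><base href="http://mydomain.com/" />
<link rel="stylesheet" href="tmp/cache/site.css" />
<script src="/lib/jquery.js"></script></head>
<body><img src="https://mydomain.com/uploads/logo.png">
<a href="http://mydomain.com/my/fancy/page">page</a></body></html>"""

if __name__ == "__main__":
    for tag, url in find_mixed_content("https://mydomain.com/", SAMPLE):
        print(f"{tag}: {url}")
```

With the base tag removed from the sample, the same relative stylesheet and script URLs resolve against the https page URL and nothing is reported.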
hasanen

Re: Enabling support for https

Post by hasanen »

I didn't mean "same time" in that way. I think it's only good that browsers drop http requests if the user is trying to use https.

What I'd like to achieve:
User A goes 'http://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with http.

User B goes 'http://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with https.

So it's up to user which protocol s/he is using and cmsms would support that. Now I think the only way to support https is to enable forcing.

For example, I could create self-signed certificates for each of my customers and instruct them to accept exception in their browsers. Yet users on their sites could use http without browser warnings.
Last edited by velden on Fri Jun 06, 2014 7:43 am, edited 1 time in total.
Reason: added quote before links to prevent it becomes clickable
velden

Re: Enabling support for https

Post by velden »

Sure you don't mean?
User B goes 'httpS://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with https.
uniqu3

Re: Enabling support for https

Post by uniqu3 »

To be honest, I do not see any reason why one would use SSL if it's only optional, site is either SSL or not, or specific pages, but allowing "both" for same page/content has no point at all.
SSL is used for secured data transmission and if sensitive data is transmitted I wouldn't give my site visitor an option for that, either it's secured or not, but not both.

But if, for example, you want Frontend to be simple "http" but backend as SSL then you should use 'admin_url' config.
Whereby a note on this, not all modules work well with SSL backend.

Sample config I have been using:

Code:

$config['root_url'] = 'http://domain.com';   // front end served over plain http
$config['ssl_url'] = 'https://domain.com';   // base URL for SSL pages
$config['admin_dir'] = 'admin';
// Join URL parts with '/', not DIRECTORY_SEPARATOR, which is '\' on Windows.
$config['admin_url'] = $config['ssl_url'] . '/' . $config['admin_dir'];
hasanen

Re: Enabling support for https

Post by hasanen »

velden wrote:Sure you don't mean?
User B goes 'httpS://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with https.
Yes, thanks.
uniqu3 wrote: But if, for example, you want Frontend to be simple "http" but backend as SSL then you should use 'admin_url' config.
Whereby a note on this, not all modules work well with SSL backend.

Sample config I have been using:

Code:

$config['root_url'] = 'http://domain.com';   // front end served over plain http
$config['ssl_url'] = 'https://domain.com';   // base URL for SSL pages
$config['admin_dir'] = 'admin';
// Join URL parts with '/', not DIRECTORY_SEPARATOR, which is '\' on Windows.
$config['admin_url'] = $config['ssl_url'] . '/' . $config['admin_dir'];
Thanks for this! Didn't think it could be done like this.

Well, maybe my example wasn't the best one - the point just being that I think and prefer links starting with slash without any association to domain itself.