CMS Made Simple Forums

I purchased ssl-certificate for my site and got it working.

How should I configure CMSMS so that my adminpanel doesn't broke and user can browse my site either with or without https?

If I'm checking source of https://mydomain.com, all links are for http://mydomain.com and so is the url in base-tag. Or is this a bug? Is there way to modify those urls so that there is only path (like mydomain.com/my/fancy/page -> /my/fancy/page) in it?

Read pdf file which comes in /doc directory of cmsms install. You probably need to configure this in config.php

There is option called ssl_url, but setting that doesn't change those urls to start with https.

There is also option for showing the base-tag, but setting it false doesn't remove the tag itself (seems to be bug).

I'm using latest version of cmsms (forgot to mention that).

My chrome seems to drop all http request when using https, so the site itself and adminpanel aren't very usable.

Edit:

I think I could put https url as the root_url, but it doesn't solve the problem which (for me) is that cmsms doesn't allow to use http/https together at the same time with easy setup (actually, there shouldn't even be any setup for that if urls would just be paths).

Edit 2:
In that pdf it says that option is "show_base" althought in line 32 in plugin.metadata.php it is checking against "showbase". Removing underscore I got that base-tag to disappear.

Regarding https, did you actually set content pages to SSL? The checkbox when editing a page under Options tab?
As far i remember the 'ssl_url' config relies on that.

If you want your complete website including backend to run in SSL then set root_url to https and redirect from default port 80 to SSL 443 in .htaccess.

uniqu3 wrote:Regarding https, did you actually set content pages to SSL? The checkbox when editing a page under Options tab?
As far i remember the 'ssl_url' config relies on that.

If you want your complete website including backend to run in SSL then set root_url to https and redirect from default port 80 to SSL 443 in .htaccess.

Code: Select all

RewriteCond %{SERVER_PORT} !^443$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

No, I didn't. I'd like to offer possibility to user to choose which protocol to use, not force it (there is no form in site - yet).

Thank you for that htaccess stuff, I keep it in mind.

I don't mean this as a rant or anything, I do appreciate all the ones who are working with CMSMS (core or modules). I just don't see that there is point where cmsms should be aware of used protocol (excluding forcing https). I think that removing checking protocol could reduce a lot of code (at least in plugin.cms_stylesheet.php) and ease maintenance.

Form your post (uniqu3), I understood that there is no way to all site to be browsable with http AND https at the same time. Am I correct? I haven't check the code of new 2.0 version, but I assume it is working same way. Perhaps I could create feature request and find some time and offer patch for it.

hasanen wrote:Form your post (uniqu3), I understood that there is no way to all site to be browsable with http AND https at the same time. Am I correct?

I didn't test it myself but I believe that it is possible and CMSMS deals with that easily. However, what I think that makes browsers stall is mixed protocols on the same request. It is a problem with the browsers, and not CMSMS, if that is the case. The most frequent solution (I think, I had to search for this a year or so ago...) is to avoid media/frames/etc... being called on a different protocol than that of the page request. Not sure if that is your case, but may be worthwhile investigating.

I didn't mean "same time" as in that way. I think it's only good that browsers drops http-requests if user is trying to use https.

What I'd like to achieve:
User A goes 'http://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with http.

User B goes 'http://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with https.

So it's up to user which protocol s/he is using and cmsms would support that. Now I think the only way to support https is to enable forcing.

For example, I could create self-signed certificates for each of my customers and instruct them to accept exception in their browsers. Yet users on their sites could use http without browser warnings.

Sure you don't mean?

User B goes 'httpS://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with https.

To be honest, i do not see any reason why one would use SSL if it's only optional, site is either SSL or not, or specific pages, but allowing "both" for same page/content has no point at all.
SSL is used for secured data transmission and if sensible data is transmitted i wouldn't give my site visitor a option for that, either it's secured or not, but not both.

But if in example you want Frontend to be simple "http" but backend as SSL then you should use 'admin_url' config.
Whereby a note on this, not all modules work well with SSL backend.

Sample config i have been using:

velden wrote:Sure you don't mean?

User B goes 'httpS://www.mydomain.com ->
All urls (links to cmsms and stylesheets) are starting with https.

Yes, thanks.

uniqu3 wrote: But if in example you want Frontend to be simple "http" but backend as SSL then you should use 'admin_url' config.
Whereby a note on this, not all modules work well with SSL backend.

Sample config i have been using:

Code: Select all

$config['root_url'] = 'http://domain.com';
$config['ssl_url'] = 'https://domain.com';
$config['admin_dir'] = 'admin';
$config['admin_url'] = $config['ssl_url'] . DIRECTORY_SEPARATOR . $config['admin_dir'];

Thanks for this! Didn't think it could be done like this.

Well, maybe my example wasn't the best one - the point just being that I think and prefer links starting with slash without any association to domain itself.