Switching to https
Switching the scheme of an existing XOOPS installation from http to https is a common concern. XOOPS developers have been investigating ways we can assist in making this transition easier for XOOPS webmasters everywhere. In this post we will introduce two new tools that can help us achieve that goal.
Let's review the basic recommended process for switching a site from http to https:
Before you make any changes, make a backup!
It may take a few minutes to download a copy of your site and its database, but those minutes are nothing compared to the hours it may take to recover from a mistake, or even worse losing all of your content. Do backups for safety before changing anything.
1) on your domain. To achieve this, you typically need to work with (or possibly change) your hosting provider to adjust the configuration and install the needed certificate. We really cannot help much with this layer, but it is a prerequisite to achieving the change to the https
2) Review the files that make up your site, both PHP code, looking for explicit "http://" references. This may be easiest with an editor/IDE intended for developers - examples are any IntelliJ product, Eclipse, Sublime Text, Kate, Notepad++. The hardcore geek may find grep, sed and vi to be the best tools, but most of us will appreciate the GUI based search and replace across multiple files that these editors make available.
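As a scripted alternative to an editor search, the following added example (not XOOPS code) separates the references that matter for this step, links to your own host and assets the browser loads over http, from ordinary links to other websites. The function name, the tag list and the example.com hosts are assumptions made for illustration.

```php
<?php
// Added example, not XOOPS code. example.com stands in for the host in your old XOOPS_URL.

/**
 * Classify explicit http:// references in one file's contents.
 * Returns [line, kind, url] rows where kind is 'own-site' (a link to our own
 * host) or 'asset' (a resource the page loads from another host).
 * Ordinary links to other websites are not reported.
 */
function findHttpReferences(string $contents, string $siteHost): array
{
    $url = '(http://[^\s"\'<>)]+)';
    // Tags and CSS constructs that make the browser fetch the URL
    $assetPatterns = [
        '~<(?:script|img|iframe|link|source|embed)\b[^>]*\b(?:src|href)\s*=\s*["\']?' . $url . '~i',
        '~(?:url\(|@import)\s*["\']?' . $url . '~i',
    ];
    $findings = [];
    foreach (explode("\n", $contents) as $i => $line) {
        $assets = [];
        foreach ($assetPatterns as $pattern) {
            if (preg_match_all($pattern, $line, $m)) {
                $assets = array_merge($assets, $m[1]);
            }
        }
        preg_match_all('~' . $url . '~i', $line, $all);
        foreach ($all[1] as $found) {
            $host = strtolower((string) parse_url($found, PHP_URL_HOST));
            if ($host === strtolower($siteHost)) {
                $findings[] = [$i + 1, 'own-site', $found];
            } elseif (in_array($found, $assets, true)) {
                $findings[] = [$i + 1, 'asset', $found];
            }
        }
    }
    return $findings;
}

// Constructed sample standing in for a theme file
$sample = <<<'EOT'
<a href="http://example.com/modules/news/">News</a>
<script src="http://cdn.example.net/lib.js"></script>
<a href="http://other.example.org/page">Elsewhere</a>
body { background: url(http://static.example.net/bg.png); }
EOT;

foreach (findHttpReferences($sample, 'example.com') as [$line, $kind, $found]) {
    echo "line $line: $kind $found\n";
}
```

To cover a whole site, pass each file's contents from file_get_contents() to the function while walking the directory tree. Scripts, stylesheets and frames left on http are the ones browsers block outright on an https page, so fix those first.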
You need to identify and change (to https) any direct links into your site using http, as well as any assets such as js, css or similar files directly loaded with an http URL. These can easily creep in with things such as CDNs, sharing services and font servers. All of these will need to be changed to https. Remember, what we want to change are links to our own site, and any assets which may be included when our site builds its pages. We don't need to change things like links to pages on other websites.
3) Update the XOOPS_URL definition in your site's mainfile.php to start with "https://". This will cause any URLs generated by XOOPS to start using the https scheme.
At this point, your site should be trying to use SSL, but will in all likelihood have issues -- broken images, errors and warnings in the browser console, etc. Don't worry, this is normal at this point.
4) Update any http links to resources on your site in your database. This can be a huge effort, and this is the focus of one of our new tools. Interconnect/it has a product called Search-Replace-DB which can help with this. It comes with awareness of WordPress and Drupal environments built in. As is, this tool can be very helpful, but it is even better when it is aware of your XOOPS. You can find a XOOPS aware version at https://github.com/geekwright/srdb
Follow the instructions in the README.md file to download and temporarily install this utility on your site. In step 3, we changed the XOOPS_URL define. When you run this tool, you want to replace the original XOOPS_URL definition with the new definition, i.e. replace http://example.com
Enter your old and new URLs, and choose the dry run option. Review the changes, and if everything looks good, go for the live run option. This step will catch configuration items and links inside your content that refer to your site using http.
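One concrete reason a plain text replace over database content is risky, shown as an added example that is not srdb's code: a value stored with PHP's serialize() records the byte length of every string, and "https://" is one byte longer than "http://". The example assumes a column that holds PHP-serialized data; the stored value and the function names are constructed for illustration.

```php
<?php
// Added example, not srdb code. The stored value below is constructed.

/** Replace $old with $new in every string of a decoded value; objects are left untouched. */
function replaceRecursive($data, string $old, string $new)
{
    if (is_string($data)) {
        return str_replace($old, $new, $data);
    }
    if (is_array($data)) {
        foreach ($data as $key => $item) {
            $data[$key] = replaceRecursive($item, $old, $new);
        }
    }
    return $data;
}

/** Replace inside one column value, re-serializing so the length prefixes stay correct. */
function replaceUrlInValue(string $value, string $old, string $new): string
{
    // allowed_classes => false: never instantiate objects found in stored data
    $decoded = @unserialize($value, ['allowed_classes' => false]);
    if ($decoded === false && $value !== serialize(false)) {
        return str_replace($old, $new, $value); // not serialized: plain text column
    }
    return serialize(replaceRecursive($decoded, $old, $new));
}

$old = 'http://example.com';
$new = 'https://example.com';
$stored = serialize(['logo' => 'http://example.com/images/logo.png', 'perpage' => 10]);

// What a search and replace over a text dump does to the same value:
// the string grows by one byte but its recorded length does not.
$naive = str_replace($old, $new, $stored);
$readable = @unserialize($naive, ['allowed_classes' => false]) !== false;
echo 'text replace:  ', $readable ? 'still readable' : 'no longer unserializes', "\n";

// Decode, replace, encode again: the value stays loadable
$aware = replaceUrlInValue($stored, $old, $new);
echo 'aware replace: ', json_encode(unserialize($aware, ['allowed_classes' => false])), "\n";
```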
Another way to accomplish this step without the srdb tool would be to dump your database, edit the dump in a text editor changing the http URLs to https, and then reload the database from your edited dump. Yes, that process is involved enough and carries enough risk that people were motivated to create specialized tools such as Search-Replace-DB.
5) Redirect any http traffic to your website to the https version. Since you can't go out and change everyone's bookmarks and links to your site, you will need to redirect these requests as they reach your site. Your webserver usually has the best tools to accomplish that. Your server has the ability to establish rewrite rules that will redirect the traffic as appropriate. These will vary according to your exact server configuration. There are many tutorials and quick fix recipes out there.
If for some reason, you cannot use rewrite rules, there is a way to do the required redirection in XOOPS. We can accomplish this by adding some code to your mainfile.php file. The code we will be adding can be found at https://gist.github.com/geekwright/5cc0b93b41b9515b3f06ad3d6b9dd772
Add the code from that Gist (without the opening php tag) directly under the line in your mainfile.php that defines XOOPS_URL. Then, if the scheme of the current transaction does not match the scheme specified in XOOPS_URL, the current transaction will result in a 301 (Permanently Moved) redirect to the URL with the appropriate scheme.
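The scheme check described above can be sketched as follows. This is an added example, not the code from the Gist: the function name and the $trustProxyHeader switch are assumptions, and example.com is a placeholder. It builds the redirect target from the host in XOOPS_URL rather than from the Host header the client sends.

```php
<?php
// Added example, not the Gist's code. In a real mainfile.php XOOPS_URL is
// already defined; the placeholder here only lets the example run alone.
defined('XOOPS_URL') || define('XOOPS_URL', 'https://example.com');

/** Return the URL to redirect to, or null when the request already uses XOOPS_URL's scheme. */
function schemeRedirectTarget(array $server, string $xoopsUrl, bool $trustProxyHeader = false): ?string
{
    $want = parse_url($xoopsUrl);
    if (empty($want['scheme']) || empty($want['host'])) {
        return null; // malformed XOOPS_URL: do nothing rather than redirect blindly
    }
    $https = !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
    // Behind a TLS-terminating proxy PHP only sees plain http, which would
    // cause a redirect loop. Trust the header only if your own proxy sets it.
    if ($trustProxyHeader && isset($server['HTTP_X_FORWARDED_PROTO'])) {
        $https = strtolower($server['HTTP_X_FORWARDED_PROTO']) === 'https';
    }
    if (($https ? 'https' : 'http') === strtolower($want['scheme'])) {
        return null;
    }
    // Host and port come from XOOPS_URL, never from the client-supplied Host header
    $authority = $want['host'] . (isset($want['port']) ? ':' . $want['port'] : '');
    $path = $server['REQUEST_URI'] ?? '/';
    if ($path === '' || $path[0] !== '/' || preg_match('/[\r\n]/', $path)) {
        $path = '/'; // absolute-form or malformed request target: fall back to the site root
    }
    return $want['scheme'] . '://' . $authority . $path;
}

if (PHP_SAPI === 'cli') {
    // Constructed request for a dry run from the command line
    $request = ['REQUEST_URI' => '/modules/news/article.php?storyid=5', 'HTTP_HOST' => 'other.example'];
    echo var_export(schemeRedirectTarget($request, XOOPS_URL), true), "\n";
    echo var_export(schemeRedirectTarget($request + ['HTTPS' => 'on'], XOOPS_URL), true), "\n";
} elseif (null !== ($target = schemeRedirectTarget($_SERVER, XOOPS_URL))) {
    header('Location: ' . $target, true, 301);
    exit;
}
```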
With the 301 status return, search engine crawlers will quickly re-index your content, and existing indexed links will still lead to the correct content.
6) Clear caches in XOOPS and your browser, then test and enjoy your new SSL enabled site. Don't forget to remove srdb once you have verified everything is working.
7) Please share your experiences with the community so we can continue to make this easier for XOOPS webmasters!
XOOPS Resources:
srdb - https://github.com/geekwright/srdb
301 redirects in mainfile - https://gist.github.com/geekwright/5cc0b93b41b9515b3f06ad3d6b9dd772
Rewrite rules:
Apache - http://httpd.apache.org/docs/2.4/rewrite/
Nginx - https://www.nginx.com/blog/creating-nginx-rewrite-rules/
IIS - https://www.iis.net/learn/extensions/u ... or-the-url-rewrite-module