1
goffy
http to https
  • 2017/2/18 16:17

  • goffy

  • Just can't stay away

  • Posts: 543

  • Since: 2010/12/27


Hi all

I have a bsic question:
If I want to switch a website from http to https, what do I have to adopt/change in a running xoops website (2.5.7 or higher)

2
aerograf
Re: http to https
  • 2017/2/18 17:06

  • aerograf

  • Quite a regular

  • Posts: 214

  • Since: 2017/1/7 1


Passed as two weeks ago ...
It is necessary to replace the http to https in mainfile.php
And if you use rekaptcha In the File /class/captcha/recaptcha/recaptchalib.php correct line:
function recaptcha_get_html ($ pubkey, $ error null, $ use_ssl true)

That's all .

3
aerograf
Re: http to https
  • 2017/2/18 17:14

  • aerograf

  • Quite a regular

  • Posts: 214

  • Since: 2017/1/7 1


And, do not forget to register in .htaccess redirect
Something like this:
RewriteCond% {HTTP_HOST} ^ yurl.org
RewriteRule 
(. *) Https://www.yurl.org/$1 [R = 301, L]
RewriteCond% {THE_REQUEST} ^ [A-Z] {3,9}  / index  .php  HTTP /
RewriteRule index  .php https://www.yurl.org/ [R = 301, L]

4
goffy
Re: http to https
  • 2017/2/18 17:21

  • goffy

  • Just can't stay away

  • Posts: 543

  • Since: 2010/12/27


hi aerograf

thanks for quick reply.
Ok, then I will test it and report if I have problems.

5
aerograf
Re: http to https
  • 2017/2/18 20:23

  • aerograf

  • Quite a regular

  • Posts: 214

  • Since: 2017/1/7 1


To hide the external links, add the .htaccess
#Links rewrite
RewriteRule rew /(.*)$ http// $ 1 [L]
RewriteRule rews /(.*)$ https// $ 1 [L]

and a link to do so
href "/ rew / www.site ....

6
geekwright
Re: http to https

Quote:

aerograf wrote:
...
And if you use rekaptcha In the File /class/captcha/recaptcha/recaptchalib.php correct line:
function recaptcha_get_html ($ pubkey, $ error null, $ use_ssl true)

...


Thanks for reporting this! This appears to be a safe change even if you are not using https for your main site, since it affects the URL for Google API. I've added this change to version 2.5.9. The replacement, Recaptcha v2 is supported there already, and always uses https.

7
geekwright
Re: http to https

Quote:

goffy wrote:
...
Ok, then I will test it and report if I have problems.


Please do! It is important that XOOPS fully supports SSL.

The only issue I am aware of is inconsistent handling of the secure flag on cookies. Patches are in for session and remember me cookies. There are others, but they present less of an issue and are not being changed at this time.

If you do find anything else, please let us know. We really need it to work correctly.

Thanks!

8
aerograf
Re: http to https
  • 2017/2/19 9:37

  • aerograf

  • Quite a regular

  • Posts: 214

  • Since: 2017/1/7 1


The ssl problem with mixed content, and decide now with the editors that have inserted links users excluding http: //. But not everyone supports ssl therefore looking for a solution through the above or /redirect.php?site=.
But not everything is working correctly.
Do ideas and solutions?

9
geekwright
Re: http to https

Quote:

aerograf wrote:
The ssl problem with mixed content, and decide now with the editors that have inserted links users excluding http: //. But not everyone supports ssl therefore looking for a solution through the above or /redirect.php?site=.
But not everything is working correctly.
Do ideas and solutions?


For internal links, where http links to your own site's content are embedded in your content, you can dump the database, replace all the occurrences, (i.e. change all http://example.com to https://example.com) and then reload it. There are also tools to do that in-place in the database. It is a one shot task, and really should only take a few minutes.

For external links where you are essentially hot linking someone else's content, you either accept the warnings, or you implement some sort of proxy. That is expensive (you end up carrying bandwidth to fetch and send out resources from the other sites, up from 0% to 200% of the cost) and it is risky, you have to engineer in protection to keep your site from being used as a proxy by other sites (a situation that could consume an entire month's bandwidth for a low price hosting plan in a matter of minutes.)

If you had a robust cache strategy, you could cut down the resource requirements. We do something like that for oEmbed content in XOOPS 2.6 already. That concept could be adapted to handle http proxying for this situation. But, 2.6 has a much more scalable cache already. It also has a more modular text sanitizer which could help in implementing the details.

It isn't impossible, but it is not something everyone would want to put into place. At this point, it isn't feasible to dedicate that much additional effort to the 2.5 series.

If the basic support for self hosted content over SSL doesn't work, that is a bug and will be fixed. A comprehensive proxy solution for remote hosted content is an enhancement which will be deferred to the next generation of XOOPS.

10
justinebaby
Re: http to https

Hello,

I try with your instruction, but some of images do not display correctly. Do you have somme idea else?

Regards.

Login

Who's Online

217 user(s) are online (133 user(s) are browsing Support Forums)


Members: 0


Guests: 217


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits