xoops forums

geekwright

Quite a regular
Posted on: 4/26 1:16
geekwright
geekwright (Show more)
Quite a regular
Posts: 225
Since: 2010/10/15
#1

Switching to https

Switching the scheme an existing XOOPS installation from http to https is a common concern. XOOPS developers have been investigating ways we can assist in making this transition easier for the XOOPS webmasters everywhere. In this post we will introduce two new tools that can help us in achieving that goal.

Let's review the basic recommended process for switching a site from http to https:

Before you make any changes, make a backup! It may take a few minutes to download a copy of your site and its database, but those minutes are nothing compared to the hours it may take to recover from a mistake, or even worse losing all of your content. Do backups for safety before changing anything.

1) Enable SSL on your domain. To achieve this, you typically need to work with (or possibly change) your hosting provider to adjust the configuration and install the needed certificate. We really cannot help much with this layer, but it is a prerequisite to achieving the change to the https scheme.

2) Review the files that make up your site, both PHP code and templates, looking for explicit "http://" references. This may be easiest with an editor/IDE intended for developers - examples are any IntelliJ product, Eclipse, Sublime Text, Kate, Notepad++. The hardcore geek may find grep, sed and vi to be the best tools, but most of us will appreciate the GUI based search and replace across multiple files that these editors make available.

You need to identify and change (to https) any direct links into your site using http as well as any assets such as js, css or similar files directly loaded with an http URL. These can easily creep in with things such as CDN, sharing services, font servers. All these will need to be changed to https. Remember, what we want to change are links to our own site, and any assets which may be included when our site builds its pages. We don't need to change things like links to pages on other websites.

3) Update the XOOPS_URL definition in your site's mainfile.php to start with "https://" This will cause any URL's generated by XOOPS to start using the https scheme.

At this point, your site should be trying to use SSL, but will in all likelihood have issues -- broken images, errors and warnings in the browser console, etc. Don't worry, this is normal at this point.

4) Update any http links to resources on your site in your database. This can be a huge effort, and this is the focus of one of our new tools.

Interconnect/it has a product called Search-Replace-DB which can help with this. It comes with awareness of Wordpress and Drupal environments built in. As is, this tool can be very helpful, but it is even better when it is aware of your XOOPS. You can find a XOOPS aware version at https://github.com/geekwright/srdb

Follow the instructions in the README.md file to download and temporarily install this utility on your site. In step 3, we changed the XOOPS_URL define. When you run this tool, you want to replace the original XOOPS_URL definition with the new definition, i.e replace http://example.com with https://example.com

Enter your old and new URLs, and choose the dry run option. Review the changes, and if everything looks good, go for the live run option. This step will catch configuration items and links inside your content that refer to your site using http.

Another way to accomplish this step without the srdb tool would be to dump your database, edit the dump in a text editor changing the http URLs to https, and then reloading the database from your edited dump. Yes, that process is involved enough and carries enough risk that people were motivated to create specialized tools such as Search-Replace-DB.

5) Redirect any http traffic to your website to the https version. Since you can't go out and change everyone's bookmarks and links to your site, you will need to redirect these requests as they reach your site. Your webserver usually has the best tools to accomplish that. Your sever has the ability to establish rewrite rules that will redirect the traffic as appropriate. These will vary according to your exact server configuration. There are many tutorials and quick fix recipes out there.

If for some reason, you cannot use rewrite rules, there is a way to do the required redirection in XOOPS. We can accomplish this by adding some code to your mainfile.php file. The code we will be adding can be found at https://gist.github.com/geekwright/5cc0b93b41b9515b3f06ad3d6b9dd772

Add the code from that Gist (without the opening php tag) directly under the line in your mainfile.php that defines XOOPS_URL. Then, if the scheme of the current transaction does not match the scheme specified in XOOPS_URL, the current transaction will result in a 301 (Permanently Moved) redirect to the URL with the appropriate scheme.

With the 301 status return, search engine crawlers will quickly re-index your content, and existing indexed links will still lead to the correct content.

6) Clear caches in XOOPS and your browser, then test and enjoy your new SSL enabled site. Don't forget to remove srdb once you have verified everything is working.

7) Please share your experiences with the community so we can continue to make this easier for XOOPS webmasters!

XOOPS Resources:
srdb - https://github.com/geekwright/srdb
301 redirects in mainfile - https://gist.github.com/geekwright/5cc0b93b41b9515b3f06ad3d6b9dd772

Rewrite rules:
Apache - http://httpd.apache.org/docs/2.4/rewrite/
Nginx - https://www.nginx.com/blog/creating-nginx-rewrite-rules/
IIS - https://www.iis.net/learn/extensions/u ... or-the-url-rewrite-module

aerograf

Not too shy to talk
Posted on: 4/27 8:03
aerograf
aerograf (Show more)
Not too shy to talk
Posts: 154
Since: 1/7 19:01
#2

Re: Switching to https

I will add as an add-on:
https://xoops.org/modules/newbb/viewto ... hp?start=0&topic_id=78171

Hadesteam

Not too shy to talk
Posted on: 5/20 15:53
Hadesteam
Hadesteam (Show more)
Not too shy to talk
Posts: 159
Since: 2011/9/5 1
#3

Re: Switching to https

Thank you for this tutorial! Very useful thing. Everything I did point by point, but still not showing green padlock ... in admin panel is displayed ... I searched the whole theme and I did not find any address from http (not including banner ad addresses, but the addresses of external servers).

Maybe someone will see and suggest where else is an address from http? I have not been able to redirect 301 on the mainfile but it probably does not affect the fact that there is no green stick and the connection is not fully secure.

This page is trying to load scripts from non-authenticated sources

Hadesteam

Not too shy to talk
Posted on: 5/20 18:59
Hadesteam
Hadesteam (Show more)
Not too shy to talk
Posts: 159
Since: 2011/9/5 1
#4

Re: Switching to https

Problem solved, I had to change the script on https and in two images also. https://www.kulturystyka.org.pl - can you see if everything works as it should

Big thanks geekwright and aerograf !