Hi all

I have a bsic question:
If I want to switch a website from http to https, what do I have to adopt/change in a running xoops website (2.5.7 or higher)

Passed as two weeks ago ...
It is necessary to replace the http to https in mainfile.php
And if you use rekaptcha In the File /class/captcha/recaptcha/recaptchalib.php correct line:

That's all .

And, do not forget to register in .htaccess redirect
Something like this:

hi aerograf

thanks for quick reply.
Ok, then I will test it and report if I have problems.

To hide the external links, add the .htaccess

and a link to do so

Quote:

Thanks for reporting this! This appears to be a safe change even if you are not using https for your main site, since it affects the URL for Google API. I've added this change to version 2.5.9. The replacement, Recaptcha v2 is supported there already, and always uses https.

Quote:

Please do! It is important that XOOPS fully supports SSL.

The only issue I am aware of is inconsistent handling of the secure flag on cookies. Patches are in for session and remember me cookies. There are others, but they present less of an issue and are not being changed at this time.

If you do find anything else, please let us know. We really need it to work correctly.

Thanks!

The ssl problem with mixed content, and decide now with the editors that have inserted links users excluding http: //. But not everyone supports ssl therefore looking for a solution through the above or /redirect.php?site=.
But not everything is working correctly.
Do ideas and solutions?

Quote:

For internal links, where http links to your own site's content are embedded in your content, you can dump the database, replace all the occurrences, (i.e. change all http://example.com to https://example.com) and then reload it. There are also tools to do that in-place in the database. It is a one shot task, and really should only take a few minutes.

For external links where you are essentially hot linking someone else's content, you either accept the warnings, or you implement some sort of proxy. That is expensive (you end up carrying bandwidth to fetch and send out resources from the other sites, up from 0% to 200% of the cost) and it is risky, you have to engineer in protection to keep your site from being used as a proxy by other sites (a situation that could consume an entire month's bandwidth for a low price hosting plan in a matter of minutes.)

If you had a robust cache strategy, you could cut down the resource requirements. We do something like that for oEmbed content in XOOPS 2.6 already. That concept could be adapted to handle http proxying for this situation. But, 2.6 has a much more scalable cache already. It also has a more modular text sanitizer which could help in implementing the details.

It isn't impossible, but it is not something everyone would want to put into place. At this point, it isn't feasible to dedicate that much additional effort to the 2.5 series.

If the basic support for self hosted content over SSL doesn't work, that is a bug and will be fixed. A comprehensive proxy solution for remote hosted content is an enhancement which will be deferred to the next generation of XOOPS.

Hello,

I try with your instruction, but some of images do not display correctly. Do you have somme idea else?

Regards.