xoops forums

goffy

Quite a regular
Posted on: 2/18 16:17
Posts: 296
Since: 2010/12/27
#1

http to https

Hi all

I have a basic question:
If I want to switch a website from http to https, what do I have to adapt/change in a running XOOPS website (2.5.7 or higher)?

aerograf

Not too shy to talk
Posted on: 2/18 17:06
Posts: 154
Since: 1/7 19:01
#2

Re: http to https

I went through this two weeks ago ...
It is necessary to replace http with https in mainfile.php.
And if you use reCAPTCHA, in the file /class/captcha/recaptcha/recaptchalib.php correct the line:
function recaptcha_get_html ($pubkey, $error = null, $use_ssl = true)

That's all.

aerograf

Not too shy to talk
Posted on: 2/18 17:14
Posts: 154
Since: 1/7 19:01
#3

Re: http to https

And do not forget to add a redirect in .htaccess.
Something like this:
RewriteCond %{HTTP_HOST} ^yurl.org
RewriteRule (.*) https://www.yurl.org/$1 [R=301,L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule index\.php https://www.yurl.org/ [R=301,L]

goffy

Quite a regular
Posted on: 2/18 17:21
Posts: 296
Since: 2010/12/27
#4

Re: http to https

Hi aerograf

Thanks for the quick reply.
Ok, then I will test it and report if I have problems.

aerograf

Not too shy to talk
Posted on: 2/18 20:23
Posts: 154
Since: 1/7 19:01
#5

Re: http to https

To hide the external links, add to .htaccess:
#Links rewrite
RewriteRule rew/(.*)$ http://$1 [L]
RewriteRule rews/(.*)$ https://$1 [L]

and write the link like this:
href="/rew/www.site ....

geekwright

Quite a regular
Posted on: 2/18 21:17
Posts: 225
Since: 2010/10/15
#6

Re: http to https

Quote:

aerograf wrote:
...
And if you use reCAPTCHA, in the file /class/captcha/recaptcha/recaptchalib.php correct the line:
function recaptcha_get_html ($pubkey, $error = null, $use_ssl = true)

...


Thanks for reporting this! This appears to be a safe change even if you are not using https for your main site, since it affects the URL for Google API. I've added this change to version 2.5.9. The replacement, Recaptcha v2, is supported there already, and always uses https.

geekwright

Quite a regular
Posted on: 2/18 21:40
Posts: 225
Since: 2010/10/15
#7

Re: http to https

Quote:

goffy wrote:
...
Ok, then I will test it and report if I have problems.


Please do! It is important that XOOPS fully supports SSL.

The only issue I am aware of is inconsistent handling of the secure flag on cookies. Patches are in for session and remember me cookies. There are others, but they present less of an issue and are not being changed at this time.

If you do find anything else, please let us know. We really need it to work correctly.

Thanks!

aerograf

Not too shy to talk
Posted on: 2/19 9:37
Posts: 154
Since: 1/7 19:01
#8

Re: http to https

The SSL problem is with mixed content, and I am deciding now about the links that users have inserted with the editors, excluding http://. But not everyone supports SSL, so I am looking for a solution through the above or /redirect.php?site=.
But not everything is working correctly.
Any ideas or solutions?

geekwright

Quite a regular
Posted on: 2/20 20:52
Posts: 225
Since: 2010/10/15
#9

Re: http to https

Quote:

aerograf wrote:
The SSL problem is with mixed content, and I am deciding now about the links that users have inserted with the editors, excluding http://. But not everyone supports SSL, so I am looking for a solution through the above or /redirect.php?site=.
But not everything is working correctly.
Any ideas or solutions?


For internal links, where http links to your own site's content are embedded in your content, you can dump the database, replace all the occurrences, (i.e. change all http://example.com to https://example.com) and then reload it. There are also tools to do that in-place in the database. It is a one shot task, and really should only take a few minutes.

For external links where you are essentially hot linking someone else's content, you either accept the warnings, or you implement some sort of proxy. That is expensive (you end up carrying bandwidth to fetch and send out resources from the other sites, up from 0% to 200% of the cost) and it is risky, you have to engineer in protection to keep your site from being used as a proxy by other sites (a situation that could consume an entire month's bandwidth for a low price hosting plan in a matter of minutes.)

If you had a robust cache strategy, you could cut down the resource requirements. We do something like that for oEmbed content in XOOPS 2.6 already. That concept could be adapted to handle http proxying for this situation. But, 2.6 has a much more scalable cache already. It also has a more modular text sanitizer which could help in implementing the details.

It isn't impossible, but it is not something everyone would want to put into place. At this point, it isn't feasible to dedicate that much additional effort to the 2.5 series.

If the basic support for self hosted content over SSL doesn't work, that is a bug and will be fixed. A comprehensive proxy solution for remote hosted content is an enhancement which will be deferred to the next generation of XOOPS.
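
Added example, not part of the post above and not XOOPS code: one way to keep a proxy or a /redirect.php-style endpoint from being used by other sites is to have it serve only URLs the site itself signed when it rendered the content. The names PROXY_SECRET, sign_proxy_url(), verify_proxy_request(), the /proxy.php path and the u/e/s parameters are hypothetical, the sample URLs are constructed, and PHP 7.1 or later is assumed.

```php
<?php
// Hypothetical helper names; not part of XOOPS.
const PROXY_SECRET = 'replace-with-a-long-random-value'; // placeholder, store outside the web root

/** Build the link the site emits when it renders user-submitted content. */
function sign_proxy_url(string $target, int $ttl = 86400, ?int $now = null): string
{
    $expires = ($now ?? time()) + $ttl;
    // The MAC covers both the expiry and the target, so neither can be changed later.
    $mac = hash_hmac('sha256', $expires . "\n" . $target, PROXY_SECRET);
    return '/proxy.php?' . http_build_query(['u' => $target, 'e' => $expires, 's' => $mac]);
}

/** Return the validated target URL, or null when the request must be refused. */
function verify_proxy_request(array $query, ?int $now = null): ?string
{
    $target  = $query['u'] ?? '';
    $expires = $query['e'] ?? '';
    $mac     = $query['s'] ?? '';
    if (!is_string($target) || !is_string($expires) || !is_string($mac) || !ctype_digit($expires)) {
        return null; // missing or malformed parameters (arrays, non-numeric expiry)
    }
    $expected = hash_hmac('sha256', $expires . "\n" . $target, PROXY_SECRET);
    if (!hash_equals($expected, $mac)) {
        return null; // not a link this site generated (constant-time comparison)
    }
    if ((int) $expires < ($now ?? time())) {
        return null; // link has expired
    }
    $parts  = parse_url($target);
    $scheme = is_array($parts) ? strtolower($parts['scheme'] ?? '') : '';
    if (!in_array($scheme, ['http', 'https'], true) || empty($parts['host'])) {
        return null; // only plain web URLs with a host are ever fetched or redirected to
    }
    return $target;
}

// Constructed sample: a genuine link, then the same link with its target swapped.
$link = sign_proxy_url('http://images.example.net/photo.jpg', 3600, 1700000000);
parse_str(parse_url($link, PHP_URL_QUERY), $q);
var_dump(verify_proxy_request($q, 1700000100));

$q['u'] = 'http://other.example.org/large-file.iso';
var_dump(verify_proxy_request($q, 1700000100));
```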

justinebaby

Just popping in
Posted on: 2/21 9:14
Posts: 21
Since: 2015/12/17
#10

Re: http to https

Hello,

I tried your instructions, but some of the images do not display correctly. Do you have any other ideas?

Regards.