Redirect Problem after Installation?
PermalinkI have a Concrete5 site installed on my webserver that is working great, now I am ready to start a new site located in a different folder on the same server (under a different user). I am following the install procedures just as I did for my first site and all goes well, the installer passes all of its tests and tells me I am logged in as admin with a password that it randomly assigns to me.
However, when I click on "Continue to your site." the web browser hangs for a while and finally fails with this message...
"Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
I can not find anything in the logs that indicates what might be happening (or I simply do not know which log to look at).
Does anyone have any idea where I might look for to resolve this problem?
Thanks in advance.
Roark Holz

I double checked that file and it looks right to me, it definitely matches the syntax of my working site. I installed the new concrete site at "https://name.domain.org/concrete" (name.domain replaces the actual site name here since it is our staff intranet site and I would rather not publish the address).
This is the contents of the applicable part of site.php...
The only different between this site and the one I was working on before is this is a secure site. Does that change the requirements for installation? Also, the site is password protected using a .htaccess file that is in the root directory of "https://name.domain.org". There are no rewrite rules in that .htaccess file however, just a reference to the password file. Just in case it may be part of the problem here is the output of that file (with a few changes for security purposes)...
AuthGroupFile /dev/null AuthName "xxx Staff Site" AuthType Basic AuthUserFile /path/to/.htpasswd require valid-user
Thank you so much.
Basically, each site on the server has a private_html folder where ssl files go and a public_html folder where regular files go. When I install Concrete5 in public_html everything works great, but when I install it in private_html (tried on 2 sites) it fails.
Directadmin also includes an option in the control panel to replace the private_html folder with a symbolic link to public_html. This allows you to keep all your files in public_html. If I use this option to enable ssl everything seems to work just fine with Concrete5.
If you trace the connection you go:
index.php
concrete/dispatcher.php
concrete/startup/url_check.php
and that's where the problem can be worked around. The simple solution is just to change line 6 from
$protocol = 'http://';
to
$protocol = 'https://';
Obviously that's a workaround for the way that the if statement is being passed or failed. The whole loop is
if (REDIRECT_TO_BASE_URL == true) { $protocol = 'https://'; $base_url = BASE_URL; if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = Config::get('BASE_URL_SSL'))) { $protocol = 'https://'; $base_url = $base_url_ssl; } $uri = $_SERVER['REQUEST_URI']; if (strpos($uri, '%7E') !== false) { $uri = str_replace('%7E', '~', $uri); } if (($base_url != $protocol . $_SERVER['HTTP_HOST']) && ($base_url . ':' . $_SERVER['SERVER_PORT'] != 'https://' . $_SERVER['HTTP_HOST'])) { header('HTTP/1.1 301 Moved Permanently'); header('Location: ' . $base_url . $uri); exit;
There must be something with the constant REDIRECT_TO_BASE_URL.
I haven't investigated where that is set and what it's supposed to do but yes I replicated your problem and fixed it this way. There are a lot of things happening in dispatcher.php before it gets to the url_check.php line.
I'll post back if I figure the real fix out.
-
Brandt Milczewski
Thanks!
Probably this should be submitted as a Concrete5 bug...
When I saw the endless redirect loop, I dove into the code to find the problem and initially came up with the same solution that you did. This, of course, breaks non-ssl instances.
I think this may be a bug and the correct solution would be one of the following...
In concrete/startup/url_check.php
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = Config::get('BASE_URL_SSL'))) {
Here they are doing
Config::get('BASE_URL_SSL')
As such, the (undocumented) value should be stored in there like so:
define('BASE_URL_SSL', 'https://your.domain.name');
And then modify the above line in concrete/startup/url_check.php as so:
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = BASE_URL_SSL)) {
An alternative would be to modify the installer and store this value in the database, if that is truly where it is meant to be stored. It seems more logical to me that it be stored along with BASE_URL and this solution does that.
Should I submit this as a bug?
Thanks,
Tom...
I.e, if the site is installed over SSL, then the BASE_URL_SSL variable should be set in site.php as well as BASE_URL. This would be needed for a seamless SSL install with no manual file editing needed.
I have to say that this failed install was the first impression I got from Concrete5. I almost didn't bother continuing but curiosity got the better of me.
I can help with the code changes for this if needed :)
Thanks,
Tom...
BTW, I tried adding it manually to the config table in the db and it didn't work, I had to add it to site.php and make the change you outlined.
Thanks again for saving my hours.
http://www.concrete5.org/marketplace/addons/force-ssl/...
Hope it helps
site.php add below codes:
url_check.php change to below code:
<?php defined('C5_EXECUTE') or die("Access Denied."); if (REDIRECT_TO_BASE_URL == true) { $protocol = 'https://'; $base_url = BASE_URL; if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = BASE_URL_SSL)) { $protocol = 'https://'; $base_url = $base_url_ssl; } $uri = $_SERVER['REQUEST_URI']; if (strpos($uri, '%7E') !== false) { $uri = str_replace('%7E', '~', $uri); } if (($base_url != $protocol . $_SERVER['HTTP_HOST']) && ($base_url . ':' . $_SERVER['SERVER_PORT'] != 'https://' . $_SERVER['HTTP_HOST'])) { header('HTTP/1.1 301 Moved Permanently');
jbx_force_ssl.php change to below code:
<?php defined('C5_EXECUTE') or die("Access Denied."); /** * A model triggered by the on_before_render() event to check whether the page * should be rendered using https and redirect as necessary * * @package JBx Force SSL * @author Jon Bowes <[email protected]> * @category Model * @copyright Copyright (c) 2010 JBxHosting Ltd. (http://www.jbxonline.net) * @license http://www.jbxonline.net/license/... MIT License * */ class JbxForceSsl { /** * Returns nothing.
If anyone is still having issues like these, one thing to check is your webserver is making the https server variable available!
You can check by adding a php file with the following and hitting the file in your browser
<pre><!--make it pretty--> <?php //echo out the SERVER variable print_r( $_SERVER ); ?> </pre>
You should see $_SERVER['https'] in the output. If not, you need to add it to your server header output.