SSL installation possible?

Permalink
I installed a self-signed certificate on a new 5.7.5.1 C5 and setup the server to redirect all http requests to https. The site still loads but things like user login, admin UI don't work properly. Looks like maybe there's a lot of hard coded 'http' schemes in various urls, like the login form action and various ajax requests.

I recall previous versions had a configuration file site.php file somewhere you could change vars like BASE_URL and get this to work. Does this exist anymore? I see a 'site' var in ./application/config/generated_overrides/concrete.php but no scheme, and doesn't seem like I should manually edit the file.

I see a lot of unanswered posts re/ssl and maybe there's no documentation yet. I see the C5 forums uses ssl for its login page, how was that done? I looked at the force ssl add on but it says its only good up to 5.6.3.3.

View Replies: View Best Answer
mesuva replied on at Permalink Best Answer Reply
mesuva
We're running a few 5.7 sites under https and haven't had any issues doing so. URLs within the system shouldn't be hardcoded to http anywhere. All we've had to do is put in a redirect in an htaccess file and that's been it.

It could be that:
- your server isn't configured correctly in terms of allowing PHP to detect if it's running under HTTPS (I don't know a huge amount about this, but I've seen some servers not actually report that they're running under https when they are, and you have to do stuff like port checking)
- or you need to clear your cache

To answer your question regarding BASE_URL, there is now a dashboard page for manually specifying site URLs: 'URLs and Redirection' , found at /index.php/dashboard/system/seo/urls

In there you can manually put in the urls. When you edit this, just be careful as I've read of some people getting this wrong and not being able to access their site. The values are written to a config file within /application/config, so you can undo it pretty easily though.
dennismoore replied on at Permalink Reply
Good point re/ php not knowing about the ssl connection. I checked $_SERVER vars and php sees a regular http connection but the forwarded env vars are being set:

$_SERVER{'HTTPS'} => undefined
$_SERVER{'HTTP_X_FORWARDED_PROTO'} => 'https'
$_SERVER{'HTTP_X_FORWARDED_SSL'} => 'on'

To get $_SERVER{'HTTPS'} set I added the following to Apache's virtual host Directory block:

SetEnvIfNoCase X-Forwarded-Proto https HTTPS=on

Everything seems to work fine now, so getting a value set for HTTPS was my problem. thx mesuva