SSL / Non-SSL Simultaneously

Started by ControlledBurn, September 02, 2010, 01:29:46 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

ControlledBurn

September 02, 2010, 01:29:46 PM
I have SMF running on my server, now I've also set up SSL for the server and it's working properly. I can see that repair_settings.php would allow me to change everything to SSL, but is it possible to have both a non-ssl version of the forums and an SSL setup?

In other words, I want the option to connect to my forums over SSL and have everything encrypted, but I don't want to force it's use on my users.

Deaks

#1
September 02, 2010, 01:40:54 PM
simple answer yes it is possible, everything is possible, however im not sure exactly how
~~~~
Former SMF Project Manager
Former SMF Customizer

"For as lang as hunner o us is in life, in nae wey
will we thole the Soothron tae owergang us. In truth it isna for glory, or wealth, or
honours that we fecht, but for freedom alane, that nae honest cheil gies up but wi life
itsel."

excaliburj

#3
September 03, 2010, 12:38:59 PM
I do this by using two distinct domain names (and, actually, two different IP addresses, but that's not really an SMF issue).

But, doing that, it allows a customization of Settings.php to check $_SERVER['HTTP_HOST']. If it contains the secure domain, then $boardurl is set accordingly. Else $boardurl is set for the non-SSL value. Note that I also have to use realative URL paths in the theme settings.

Short of the two domain approach, you might be able to accomplish the same check for whether a person's coming in SSL or not by looking at $_SERVER["SERVER_PORT"]. 443 would have you creating a $boardurl starting with "$https".
Random Sig Line

ControlledBurn

#4
September 03, 2010, 01:58:47 PM
While this code in Settings.php doesn't break the forums coming in either way:
Code Select
if ($_SERVER['SERVER_PORT']=443)
$boardurl = 'https://mydomain.com/forums';
else
$boardurl = 'http://mydomain.com/forums';

It doesn't seem to do the job as I still end up with a partially encrypted connection. In fact, if I tell it not to accept the unencrypted data I end up with less data this way than with the standard $boardurl statement.

With the standard $boardurl statement it seems that nearly everything but some Themes data comes in encrypted. With the if else statement I seem to lose style sheets altogether.

excaliburj

#5
September 03, 2010, 02:11:47 PM
I'm not sure how it could be that pulling in resources via plain http URLs would be coming in encrypted with the standard $boardurl statement.

As I mentioned, relative paths in the theme settings are also necessary (or they will be attempted with whatever URL you have in their settings - the non-SSL one which is why you get a a mic ox secure and secure items). Smileys and avatars, too (pre-loaded avatars and the avatar upload directory).
Random Sig Line

ControlledBurn

#6
September 03, 2010, 02:18:59 PM
Quote from: excaliburj on September 03, 2010, 02:11:47 PM
I'm not sure how it could be that pulling in resources via plain http URLs would be coming in encrypted with the standard $boardurl statement.

As I mentioned, relative paths in the theme settings are also necessary (or they will be attempted with whatever URL you have in their settings - the non-SSL one which is why you get a a mic ox secure and secure items). Smileys and avatars, too (pre-loaded avatars and the avatar upload directory).
Is this done via each individual theme then? Because I don't see a place for it in Settings.php

excaliburj

#7
September 03, 2010, 02:32:21 PM
Not each theme, but it IS done in the ACP and not Settings.php.

Configuration -> Themes and Layout.

There's a place at the bottom for the Base URL for the Themes directory. Don't touch the directory entry. but change the Base URL to "./Themes" and click the "Attempt to reset..." button.

When the page comes back, that field will again be filled with a fully qualified URL, but your themes listed above that should show like this:

Default Theme -
Theme directory (templates): /home/mainsite/public_html/forum/Themes/default (whatever path is right for YOU, of course)
URL to above directory: ./Themes/default
URL to images directory: ./Themes/default/images

Then Forum -> Smileys -> Settings for the Base URL for Smileys ("./Smileys")
Then Forum -> Attachment and Avatars -> Avatar Settings for both the Avatars URL and the Upload URL.
Random Sig Line

ControlledBurn

#8
September 03, 2010, 05:06:03 PM
Had to reinstall a theme, but this seems to work.

Also, found a better way to do the SSL check since I use mod_ssl

Code Select
if ($_SERVER['HTTPS']) {
$boardurl = 'https://mydomain.com/forums';
}
else {
$boardurl = 'http://mydomain.com/forums';
}

excaliburj

#9
September 03, 2010, 05:59:43 PM
It seems to work for me well enough. Considering it's a small edit in the Settings.php and then only changing stored values.

No edits to all sorts of Source files.

Any links SMF generates will be based on the $boardurl value ($scripturl is built from it) and the relative URLs will get you those other files. But when somebody posts a link to a message or into a PM, the link will be in whichever form they were working in (http or https) and it won't 'rewrite' itself depending what mode the person viewing it is in. And any links to non-SSL content (images and such from external sites) will still cause a 'warning' about non-secure items'.
Random Sig Line
Print
Go Up Pages1
User actions
Advertisement: