Converting to https, step-by-step...

Started by shawnb61, July 08, 2017, 03:01:04 AM

Previous topic - Next topic

Obsydian

#40
My forum at https://www.thetarotforum.com/ [nofollow] is showing up as not-secure.  The test website shows: You currently have TLSv1 enabled.
This version of TLS is being phased out. This warning won't break your padlock, however if you run an eCommerce site, PCI requirements state that TLSv1 must be disabled by June 30, 2018.

That is the only issue on that page, and it says it won't break the padlock, but I'm not sure what else is broken?

EDIT: I closed the tab and reopened it and everything is secure and working fine.  Keeping this with solution in case somebody else needs it. :)

Nomada_Firefox

Hi. I do not know but my forum 2.0.15 + Tiny portal 1.3 loads the https as secure running administration and perhaps other parts but when I run the forum or the main page, it shows the https but it says how the site is not fully secured.

It looks as if my server was correct. https://www.sslshopper.com/ssl-checker.html#hostname=https://firefoxccmods.com

Any idea about why does it happen?

lurkalot

Quote from: Nomada_Firefox on February 12, 2018, 06:47:03 AM
Hi. I do not know but my forum 2.0.15 + Tiny portal 1.3 loads the https as secure running administration and perhaps other parts but when I run the forum or the main page, it shows the https but it says how the site is not fully secured.

It looks as if my server was correct. https://www.sslshopper.com/ssl-checker.html#hostname=https://firefoxccmods.com

Any idea about why does it happen?

Hard to tell when you can't see the home page or forum as guest.

helpplease

Hi all  :)


I have also need so long time to get https half way working, but still need help.

Themes/Reseller/images/expand.gif caused mixed-content and the https SSL-Icon is not green. Yes, only because this small gif is loaded.

The source code show: srcCollapsed: smf_images_url + '/expand.gif',
Have try to delete this from the BoardIndex.template.php "srcCollapsed: smf_images_url + '/expand.gif'," but than the index-page, forum is down.

So, how can I get rid of this?  :(

Any help would be greatly appreciated..


Kindred

Theme specific issues should be addressed in the thread dedicated to supporting that theme.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

helpplease

#45
Hello Kindred, thank you for your response.

The Reseller is based on the default template from smf Forum  :)
The same code is on this website: simplemachines.org/index.php
aSwapImages: [
            {
               sId: 'upshrink_ic',
               srcExpanded: smf_images_url + '/collapse.gif',
               altExpanded: 'Shrink or expand the header.',
               srcCollapsed: smf_images_url + '/expand.gif',
               altCollapsed: 'Shrink or expand the header.'
            }
         ],
         oThemeOptions: {


Just need to know the path to change it to https. I didn't find it :(
Somewhere in the code for SMF it tell the script to take the /expand.gif, but where is it?
The developer of SMF know for sure where the string is located..

Illori

if you reset all theme URLs to be https it should be converted automatically. if you did that already and still have this issue you need to post in themes support topic.

helpplease

This hasen't been converted automatically.

However, I don't want to "spam" the forum here with this question but I still need help.

helpplease

Your webserver is forcing the use of SSL.

Your SSL Certificate is installed correctly.


Mixed Content - Errors:

An image with an insecure url of "http://.........../expand.gif" was loaded on line: 749.
This URL will need to be updated to use a secure URL for your padlock to return.

Illori

i understand that is your issue, as has been stated already in this topic you need to post in the themes support topic for further assistance.

helpplease

I need a general themes support, the same error comes when I change to the default SMF themes.

And where is it please?

Vincenz0

#51
Hey guys!

I wish to leave another tip of information.

After switching to https, naturally many things stopped to work especially images (mixed content.. ;) )

The image proxy SMF provided was not working for me, and returning error 500, but nothing in php logs and I had no clue what was wrong, I checked everything, turned on apache2 logging for all errors, even turned on display errors but no still nothing to see..

Turns out in the proxy.php file errors get disabled..... :D
                // Turn off all error reporting; any extra junk makes for an invalid image.
                error_reporting(0);


After commenting out that line I found out the simple problem and if others have it, I recommend this fix.

Turns out it uses the CURL apache module.. which is not standard installed on apache2.

Simple fix:
sudo apt-get install php-curl

Hope it helps someone with image proxy problems.


Also the redirect was not working, not in apache2 config files or in .htaccess.. turns out in the new apache it is not recommended to make a rewrite for redirects.

instead do the folowing:
In your /etc/apache2/sites-enabled/
Modify your site config something like this:

<VirtualHost *:80>
    ServerName www.yourforumsite.com
    Redirect permanent "/" "https://www.yourforumsite.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.yourforumsite.com
    # ... SSL configuration goes here
</VirtualHost>

This is always working and more safe than any rewrites.


Because of my rewrite problems I was already manually updating http to https a simple trick to update all old URL's for your site people posted or used in signatures:

UPDATE smf_messages
     set body = REPLACE(body, 'http://www.yourforumsite.com', 'https://www.yourforumsite.com')
     WHERE body like '%http://www.yourforumsite.com%';

UPDATE smf_members
     set signature = REPLACE(signature, 'http://www.yourforumsite.com', 'https://www.yourforumsite.com')
     WHERE signature like '%http://www.yourforumsite.com%';


This can also be used to update for instance images posted with http://i.imgurl to https.
And thus avoid caching images on your server when not needed. Most image hosts support https nowadays (some exceptions like tinypic)

MadCityKaren

Thanks for this step-by-step list, shawnb61! 

I'd realized my forum/website was having an issue of some sort with SSL after receiving some feedback from a member, but found the problem wasn't so much not having the certificate (SSL checker showed all was well), but that the .htaccess file in order to redirect is somehow missing ... (trusting that will indeed solve the issue; I'm asking the webhost to deal with it -- it's not as though I'd removed the file; they should be apprised of such things to maintain the integrity of all they serve.) 

danshell

I have SSL on my site working well for the most part.

Well it works everywhere except when you go into an thread. It doesnt have the green secure it just has the question mark.

Im missing a setting somewhere. I have followed this thread ok but I must be missing something simple.

ozisuzu.com.au

Any help is appreciated?

EDIT: while your replying to a post it is secure but when you just view threads your not. While your on the portal front page or forums main directory it is all secure.

EDIT again! It seems like it is only some threads that are not working hmmmm how odd. Some are secure and some are not?

EDIT for the third time.....sorry for being a pain. It appears to be only threads with images so ill work on that.

Aleksi "Lex" Kilpinen

The image proxy in 2.0 is designed to fix that, though it is not yet a perfect solution and is going to see improvements in a later release if I have understood correctly.
Slava
Ukraini!


"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

GigaWatt

Quote from: danshell on July 01, 2018, 10:23:44 PM
EDIT: while your replying to a post it is secure but when you just view threads your not. While your on the portal front page or forums main directory it is all secure.

EDIT again! It seems like it is only some threads that are not working hmmmm how odd. Some are secure and some are not?

EDIT for the third time.....sorry for being a pain. It appears to be only threads with images so ill work on that.

Those images probably load through http, not https and that's why there is an unlocked keypad (I presume) in the place where the locked keypad should be. It means that some elements don't load through https, but http.

Here's a test you could try. Open a new thread, insert a https and a http image link in it (with the image tag). Save (post) the thread and see if the keypad is showing an exclamation mark or if it's unlocked. If it is, try removing the http image from the post and see if the exclamation mark (or unlocked keypad) is removed (the keypad stays locked).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

danshell

Yes it was because of images using http.

I seem to have solved it with image proxy. All pages are now running green and secure.

Thanks for the help.

diegolyanky

So... What's about repair_settings.php for 1.1.xx versions ? ...

I'm running 1.1.21 and I can't find the correct one.

Thanks Folks !!
SMF ... SimpleMachines ... Simple, but complete if you want it ;)

Illori

if you are using SMF 1.1.* you need to upgrade to SMF 2.0 to get support for https fully. not to mention that SMF 1.1 is no longer getting security patches.

diegolyanky

Quote from: Illori on July 17, 2018, 07:59:38 AM
if you are using SMF 1.1.* you need to upgrade to SMF 2.0 to get support for https fully. not to mention that SMF 1.1 is no longer getting security patches.

Any tool or patch to do that ? ...

I searched but can't find it
SMF ... SimpleMachines ... Simple, but complete if you want it ;)

Advertisement: