We build. You grow.

Get best community software here

Start a social network, a fan-site, an education project with oxwall - free opensource community software

HTTP and HTTPS | Forum

Topic location: Forum home » Support » General Questions
Rainier Sotelo
Rainier Sotelo Apr 15 '13
Hello,
I am using a Minimalistic Soft theme at present and I am hoping that someone from you have experienced and resolved this problem easily.

I just recently installed SSL certificate on my domain named, triskelionhandshake.com, and this is what happened with my site fonts:

1) Browsing my site using HTTP


2) Browsing my site using HTTPS


Cheers
Alia Team
Alia Apr 15 '13
Rainier Sotelo, do you use default fonts? Or custom ones?

Did you change your URL inconfig.php to https://yoursitename.com ?
Rainier Sotelo
Rainier Sotelo Apr 16 '13
Hello Aliia,

I am using default fonts.

Kindly advise how to change my URL in config.php to https://yoursitename.com ?

Cheers & thanks a lot,
Rainier

Rainier Sotelo
Rainier Sotelo Apr 16 '13
Hello Aliia,

This is what I did in my config.php file to replace HTTP:

<?php
define('OW_URL_HOME', 'http://triskelionhandshake.com/Verification/');

with HTTPS:

<?php
define('OW_URL_HOME', 'http://triskelionhandshake.com/Verification/');

Please correct me if I am wrong.

Cheers,
Rainier
Rainier Sotelo
Rainier Sotelo Apr 16 '13
Hello Chris,

This is what I did in my config.php file to replace HTTP:

<?php
define('OW_URL_HOME', 'http://triskelionhandshake.com/Verification/');

with HTTPS:

<?php
define('OW_URL_HOME', 'https://triskelionhandshake.com/Verification/');

Please correct me if I am wrong.

Cheers,
Rainier
Alia Team
Alia Apr 17 '13
Rainier Sotelo, now all you need to do is to add a redirect from http to https in Oxwall's .htaccess, so that one and the same site is displayed no matter whether user enters http or https.


Chris
Chris Apr 28 '13
Im having the same problem as rainier, but the opposite way around. when viewing my site on http the text links are hugh.

I have changed the web url in my .config file to https, what code do i need to add to the htaccess file to redirect the http to https?
Rainier Sotelo
Rainier Sotelo Apr 28 '13
Hello Aliia,

Kindly advise how to add a redirect from http to https in Oxwall's .htaccess.

Cheers,
Rainier
Alia Team
Alia Apr 28 '13
I am not an expert in .htaccess settings.

Check: http://stackoverflow.com/...direct-http-to-https

Chris
Chris Apr 29 '13
I used the below code in my .htaccess file under line 2 - RewriteEngine On

Now my domain redirects always to https. This may not work for everyone though, the command can vary depending on your hosting company. It took me a lot of trial and error and a very long conversation with my hosting company to find a solution.


RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://your-domain.com/$1 [R=301,L]











David A
David A Apr 29 '13
Is there some sort of support document that explains how to do this from start to finish?  I really like the idea of running https
Chris
Chris Apr 30 '13
David A - I can give you instructions as to how I setup my HTTPS, however its not always gonna be the same, it really depends on your hosting company. It took me a lot of trial and error and a long conversation with my hosting company before i finally found a complete solution.

Send me a PM and I will try to help you as best as possible.
Chris
Chris May 17 '13
So I have finally managed to setup my website on HTTPS, i have all the the FB connect and importer working without issues, along with other plugins.

However oxwall cannot fully run in https as external links such as youtube or JS scripts are not hosted on my site and do not use the https protocol.
The main issue when running https is with the browser that you use. some browsers automatically block unsafe content, the content not hosted on your own server.

I have found that images are just flagged as unsafe, but not blocked. Some JS scripts are blocked completely, hence the reason FB connect doesn't work unless modified a little.

I am now looking for some help and ideas on how to make external links that do not use https safe. If you checkout facebook as an example, all external links like youtube, blogs etc are sent through a secure server before reaching the FB site. That way all the content shown on FB is secure.

Are there any services that offer this kind of service? Is there a way to rewrite external urls and make them secure? It would be great if oxwall could run fully in https, as almost all social sites and major sites are heading in that direction.

Im not a code guru - guess something like this would be needed - http://stackoverflow.com/...-link-inside-article



The Forum post is edited by Chris May 17 '13
Alia Team
Alia May 20 '13
Chris, not much I can help you with. What you would like to achieve requires complex custom code modifications. Try finding a developer who can complete this work for you.
Chris
Chris May 20 '13
So I have given up on the idea of using HTTPS for the whole of oxwall site. Unfortunately there are too many issues and problems and it is almost impossible to run your oxwall site fully secured as external links on the site are not always https.

However I have kept my SSL certificate and am just using it to secure certain pages like the fbcanvas page from the contact importer plugin.

For oxwall to run fully in https, the core files and plugins need to be coded from the bottom up to support it. It would also require some sort of plugin that forces all external links into https.




matt
matt May 21 '13
This is a bit disappointing to hear. Its not like ssl is uncommon. I would have thought that Oxwall would want to get this sorted asap?  Blimey.

Matt
Chris
Chris May 29 '13
Im not saying that you can't use https and SSL, its just you may have to change / modify some of the code in certain plugins and sections of your site, for it to work.

You can run your oxwall site securely, but it will never be fully secured if you have content from external sources that don't run https.
dave Leader
dave May 29 '13

This in my experience is not uncommon in the industry, especially with open source.   Much of the software out there uses SSL and https for the purpose of securing critical pages such as payment processing.  Sure you will find software this can handle the https and SSL for the whole site, but you will find more than not that they are written an or function with the intent to secure more critical pages, features, and functions that really require it.

 

You have to remember folks that with open source your pretty much getting the base or basics of what you need.  The rest is up to you.   My feeling is if your looking for a tried a true, all feature, all doing, everything in the box social script,  they are out there for several hundred dollars but not open source.   Free has its down sides but if you have the willingness and want that flexibility of open source then you also have to deal with certain challenges as well.

 

 

The Forum post is edited by dave May 29 '13
IB
IB Jul 13 '13
Well, you learn something everyday.  Here I thought simply getting a SSL cert will secure my site.  Obviously not.  Thanks Chris for investigating this a bit.  So basically, you can have SSL for the whole site, but some content may not be displayed, depending on what it is or where it comes from.

Just a thought.  If I make the decision not to run my site via SSL, would Cloudflare or another CDN help to create some security?
How would SSL work if it was enabled via one of the CDN providers?  I think some offer that service.
Jim Lee
Jim Lee Dec 20 '14
SSL fail, you have got to be kidding me.


Why isn't there an option on the admin panel that says this:

"Do not preview unsecure links"


SMH


Chris, I feel your pain.

The Forum post is edited by Jim Lee Dec 20 '14
Pages: 1 2 3 4 »