Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Enabling SSL in Vanilla 2?



  • Options

    This is still causing me trouble with jsConnect and single sign-on. Having removed the popup class using JS, the user is now directed to the sign in page when they click 'Sign In'.
    Chrome throws up a warning about unsecure content, which if you choose 'Don't Load' hides the login with Wordpress account interface. If you choose 'Load Anyway' the WP Vanilla Connect/jsConnect interface appears but the site throws up errors about partially secured content.

    Again the error is with getwebroot. Any thoughts?

  • Options

    Hi all,

    I'm new to Vanilla, and not a coder, so apologies in advance for dumb questions.

    I am trying to get ssl working, primarily because I want my forum to work as a Facebook tab, and https seems to be a sticking point.

    I have an SSL certificate for my site, and I was hoping that would be all I needed, but clearly that is not the case.

    So I need some changes to my .htaccess ? and the SSLControllers plugin ?

    Is that it?

    Thanks for this great community!

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    hey Dave , sorry I was tied up yesterday, please try these things :

    Put this in the config.php

    $Configuration['Garden']['AllowSSL'] = TRUE;

    then add this into your htaccess file instead of what you have

    # Modified
    # If you modify this file then change the above line to: # Modified
    <IfModule mod_rewrite.c>
       RewriteEngine On
       # Certain hosts may require the following line.
       # If vanilla is in a subfolder then you need to specify it after the /. 
       # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
       RewriteBase /forum
       RewriteCond %{HTTPS} !=on
       RewriteCond %{REQUEST_FILENAME} !-d
       RewriteCond %{REQUEST_FILENAME} !-f
      RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • Options

    this .htaccess code put other pages on my site in an infinite loop, so I had to remove it.
    Any idea why?

    Also, I would have thought a direct https:// would have worked fine for my facebook tab without the redirect, but that didn't seem to work, with or without the .htaccess.

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited February 2014

    @davematson I found this bit of info which might help

    Also take a look at the facebook page, they have a forum embedded and it is all https. So this proves it can be done ... Just need to figure out exactly how, maybe @Lincoln or @Todd or @Adrian can share how they do it.

  • Options
    AdrianAdrian Wandering Spirit Montreal MVP
  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP

    No @Adrian you do not understand, he already has embedded into Facebook but can't get the SSL to work.

    If a person choses to view Facebook using safe browsing mode, any content that is not being served via SSL will be blocked in most browsers except Safari on the mac.

    He is having a problem achieving this even though he has already purchased am SSL certificate.

    When you go view the embedded forum on Facebook it still blocks the content even though it is being served as SSL. Why is this and how to make it work , that was the question.

    How did embed their content using SSL ?

  • Options
    AdrianAdrian Wandering Spirit Montreal MVP
    edited February 2014

    @vrijvlinder I'm on a Safari with a Mac so someone else might have to test. The steps are those in the blog post should work for @davematson. We used this app:

    And we used the embed script like so:

    <script type="text/javascript" src=""></script>

    That's it. No special tweak.

    (NB., should be replaced with the appropriate forum)

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited February 2014

    Yes that is how it was embedded and also by using the iframe. Like I said , it works on the mac on Safari o matter what, but on others it gets blocked if you are using safe browsing mode on facebook. You can replicate this by simply creating a page on facebook and embed a forum. Then use chrome or firefox and you will see that is requests https on every single url from the forum.

    Even though Dave got an SSL certificate and set the htaccess to serve the forum as https it still blocks the content and not all the links are converted to https such as the sign in etc.

    How can this be done ? How can you rewrite all the links to be served via https ?

    other than what I already posted which came from your post on another discussion.
    They obviously did something else besides just add the url appended by https.

    How did they write up the htaccess file to work like this ?

  • Options
    AdrianAdrian Wandering Spirit Montreal MVP
    edited February 2014

    @vrijvlinder nothing else was done. No .htaccess modification.

  • Options
    LincLinc Detroit Admin

    Facebook has issues embedding Vanilla and we no longer support that, fwiw.

    Setting Garden.ForceSSL = TRUE will make sure every pageload is only over SSL. Vanilla should automatically convert any links to SSL when on an SSL page, regardless. runs nginx so there's definitely no htaccess voodoo involved. ;)

  • Options
    vrijvlindervrijvlinder Papillon-Sauvage MVP
    edited February 2014

    Thanks, apparently Facebook just runs on gin.....

    ok @davematson so the next thing to do is to add to the config.php and see if that solves the issue.


  • Options

    The version of vanilla forums on their facebook page is a different one than their actual one. There are no posts there since 2012.

    $Configuration['Garden']['ForceSSL']=TRUE; doesn't seem to be redirecting the page to ssl, although maybe I have a caching issue, I'll try to clear and check it again.

Sign In or Register to comment.