Having problems with an SSL only install

edolnx

Greetings -

I'm trying to install Vanilla 2.0 on an SSL only site. If I have the HTTP site simply redirect to the HTTPS site then functions like login fail to function and give an empty popup box. You also cannot use most of the admin area, as it tries to direct to the HTTP version of the site and then times out in a redirect loop. I have the SSLControllers plugin installed, and that seems to help. I'm thinking there is some config option that I haven't thrown yet. If I enable serving of Vanilla over HTTP and HTTPS, it bounces back between secure and insecure all the time. Any suggestions/pointers?

-Carl

vrijvlinder

do you have this in your config.php?

$Configuration['Garden']['AllowSSL'] = TRUE;

edolnx

No, I had $Configuration['Garden']['SSL'] = TRUE; but not AllowSSL. I added that, but it doesn't seem to help. Simply going to the main page of the forum over SSL redirects to a non-SSL page

Adrian

Try to make a change to your .Htaccess

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

edolnx

I had a rewrite rule like that, mine was giving a 302 instead of a 301 but I doubt that would fix it. Apache would redirect to the https site as expected, and then vanilla would redirect back to the http site. This would cause a redirect loop, and chrome would give me the "redirect loop" error page after a few seconds. To get around this, I temporarily have the site available over http and https. Any other ideas?

vrijvlinder

I used some of this for a different purpose , to force to serve https maybe some will help you

You may be able to use rewrite rules to make the urls that are not https to be so


To use Apache mod_rewrite to control whether a page is served via http or https. Here's an example  from a site's root directory .htaccess file:

# Redirect most reqests for http to https
RewriteRule ^http://www.youtube.com(.*) https://www.youtube.com$1 [R=301,NC]

# Allow some URIs to be https if requested
RewriteCond   %{SERVER_PORT}  ^443$
RewriteCond   %{REQUEST_URI}  !^/images/(.*)$
RewriteCond   %{REQUEST_URI}  !^/scripts/(.*)$
RewriteCond   %{REQUEST_URI}  !^/styles/(.*)$
RewriteCond   %{REQUEST_URI}  !^/store(.*)$
RewriteCond   %{REQUEST_URI}  !^/login.htm$
RewriteRule ^(.*) http://www.youtube.com/$1 [L,R]

# Force some URIs to be https only
RewriteCond   %{SERVER_PORT}  ^80$
RewriteRule ^store(.*) https://www.youtube.com/store$1 [L,R]

RewriteCond   %{SERVER_PORT}  ^80$
RewriteRule ^FormSanityKey.htm https://www.youtube.com/login$1 [L,R]\\

http://httpd.apache.org/docs/2.0/

edolnx

Irony of all ironies: disabling the SSLController plugin solved the problem. The site now works correctly over SSL. How strange. ::shrug::

vrijvlinder

It is good procedure to disable any plugins associated with the issue first, in order to determine it was at fault or if it is something else