14

I wanted to change my site from http to https. Always.

So I configured my apache accordingly. Now when I enter the URL of my site (https://steamnet.de) it loads the index site fine but none of the referenced elements (CSS, images etc.)

It seems to me that it does so because the base href is set to http://steamnet.de/ and thous does not use https there. I have configured my firefox that it should not load mixed content.

So how can I tell Joomla to set the base href to https://steamnet.de (or otherwise make the site fully ssl?)

I tried to set the global ssl enforce element of joomla configuration ("SSL erzwingen" in german, $force_ssl in configuration.php) to "everything" but then the site breaks with infinite 303 error redirecting to itself. (As an afterthought: I was surprised to find a 303 instead of 301 here. If someone could explain that I would be grateful)

(Laoneo suggested some solutions, that did not work out, for completeness here is the list)

  1. configure $live_site to the https url.
  2. probe if changing $sef and $sef_rewrite helps.

The apache logs: access.log

91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 4854 "-" "Mozilla/5.0 (Gecko) Firefox/64"
91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 516 "-" "Mozilla/5.0 (Gecko) Firefox/64"
91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 516 "-" "Mozilla/5.0 (Gecko) Firefox/64"

error.log contains nothing on access, but the following lines on reload

[Sun Nov 03 12:41:16 2013] [notice] Graceful restart requested, doing restart
[Sun Nov 03 12:41:16 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Sun Nov 03 12:41:17 2013] [warn] RSA server certificate CommonName (CN) `Angelo Neuschitzer' does NOT match server name!?
[Sun Nov 03 12:41:17 2013] [notice] Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze17 with Suhosin-Patch proxy_html/3.0.1 mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
Community
  • 1
  • 1
Angelo Fuchs
  • 9,825
  • 1
  • 35
  • 72

4 Answers4

23

I'm sorry, but I don't think the current answer is really correct. This answer promotes a hack and goes around the problem. The next time you update Joomla, you'll have to update the core file, because it is going to be overriden.

Actually if we look in the code for JURI in getInstance we can see this:

// Determine if the request was over SSL (HTTPS).
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
{
        $https = 's://';
}
else
{
        $https = '://';
}

The question is why are there servers where $_SERVER['HTTPS'] is obviously not initialized. Although I can't tell you why, what I found out to work is adding this lines to the .htaccess file at the begining:

<IfModule mod_env.c>
   SetEnv HTTPS on
</IfModule>

By doing this $_SERVER['HTTPS'] seems to be initialised and Juri::current will return what we expect - an url starting with https.

Daniel Dimitrov
  • 1,848
  • 21
  • 35
  • 1
    Sounds great. I don't have a joomla anymore where I could easily test this. If I ever come around to it I'll mark it accordingly. Until then I'll add a note to my answer. I'm glad there is a better solution then my hack. – Angelo Fuchs May 19 '15 at 11:49
  • I've just run into this same issue and the htaccess fix worked for me. – Robert Went Jan 24 '16 at 21:28
  • This is the correct solution, not the hack. If you want your site to default to https:// change config $live_site var to https://{your hostname} and, while the initial browser href will show as http, all links on the front page will correctly include https://. As well, Googlebot now tests for a https ver so your indexed links will change to https:// over time. – garth Feb 05 '16 at 23:41
  • 2
    About the "why HTTPS server env is not correctly initialized ?", sometimes the encryption is taken care of by some network infrastructure somewhere above the webservers, and those webservers never see anything encrypted, for them everything is "clear http". That's why sometimes, server env seems wrong : actually it's right, it's just that https is taken care of somewhere else. – Med Mar 03 '16 at 15:02
7

Check your *$live_site* variable in your configuration.php file and change it to your https address.

Laoneo
  • 1,546
  • 1
  • 18
  • 25
  • 2
    Thank you, I just tried this (with and without `$force_ssl`) but it did not change anything. – Angelo Fuchs Nov 02 '13 at 14:11
  • I've used once this ssl redirect plugin http://extensions.joomla.org/extensions/site-management/url-redirection/11326. Did you check the apache access/error logs? Are there any hints regarding the redirect. What for SEF settings do you have in your Joomla configuration? Any SEF extension installed? – Laoneo Nov 02 '13 at 15:27
  • I don't know what 'SEF' means. I edit the elements of the contents into the question. – Angelo Fuchs Nov 03 '13 at 11:42
  • In your Joomla configuration you can define your SEF (search engine friendly urls) settings. There is an option to use the mod rewrite technique. That's what I was talking about. – Laoneo Nov 03 '13 at 12:24
  • I use SEF with the rewrite technique. I tried changing that, but it did not help. – Angelo Fuchs Nov 03 '13 at 20:07
  • It seems to have to do something with SEF, have a look at the work around I provided as answer. – Angelo Fuchs Nov 03 '13 at 20:37
5

Attention: This is a hack. Please do test Daniel Dimitrovs answer first. If it works, please leave me a comment here.

I found a work around.

In the file includes/application.php I changed the following block

if($router->getMode() == JROUTER_MODE_SEF) {
   $document->setBase(JURI::current());
}

to:

if($router->getMode() == JROUTER_MODE_SEF) {
   $document->setBase(JURI::root());
}

I don't know why JURI::current() returns an http URL instead of a https but after that change the site works as expected.

CAREFUL: after that change the Administrator part was broken until I disabled force_ssl in configuration.php. I enforce SSL through my apache configuration so that was not a problem for me.

Community
  • 1
  • 1
Angelo Fuchs
  • 9,825
  • 1
  • 35
  • 72
0

Removing the <base> tag altogether should solve your issues. You can do this in the index.php file of your template like this:

$doc = JFactory::getDocument();
unset($doc->base);

Since this is not a core hack, it will be upgrade-proof. However, if you use a template from a theme store, and choose to upgrade the template in the future, you may have to add the code back.

References:

Michael Yaeger
  • 756
  • 12
  • 32