I just bought an SSL certificate for my website but I did not find any information about the changes that my Elgg 3.3.10 needs. Someone can help me?
info@elgg.org
Security issues should be reported to security@elgg.org!
©2014 the Elgg Foundation
Elgg is a registered trademark of Thematic Networks.
Cover image by RaĆ¼l Utrera is used under Creative Commons license.
Icons by Flaticon and FontAwesome.
Note: Use Google to learn how to configure Apache with SSL (e.g. 1, 2, 3)
And keep in your mind some https enabling problems also:
Read this also.
It's also helpful to add some rewrite rules to the .htaccess file to get forwarding from non-ssl to ssl site url (and non-www to www or vice-versa). I have these rules - but they are for Elgg 2 and I've not tested them on Elgg 3 yet.
These lines are added after the
comment line. The rules are for forwarding any non-https calls to the site to the https url and assume that your site url contains www (without www you would have to have slightly different rules to forward from www to the non-www site url). You would have to modify the YOURSITE.URL parts to match the url of your site
These rules help for any links (either on your site itself for example in a comment on some other posting referring to some other page or if a user bookmarked the site) to get them always moved to the correct https urls.
I can't get my new SSL certificate to work. The fight was hard but Mr,SSL has won me by far, I give up. I do not have enough knowledge to put it into operation. I'm a noob! :(
Thanks in all ways RvR and iionly.
All depends what hosting service you have, i have the one that offers free SSL certificates and when i installed the 3.8 Elgg, at the control site's administrator side, just type the link address with https:// and it works even without the .htaccess files redirects.
My fight versus Mr.SSL continues...
My elgg is in a directory like http://agujero.net/elgg
I must include this code in the .htaccess elgg directory or in other .htaccess in the root?
# http to https
# exclude subdomains
RewriteCond %{HTTP_HOST} ^(www\.)?agujero.net$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.agujero.net%{REQUEST_URI} [NC,L,R]
# add www on ssl
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]
Thanks for your patience with me!
With Elgg 3 the site url is defined in the file elgg-config/settings.php in the variable $CONFIG->wwwroot. The site only uses SSL if the site url defined there is defined with https. So, the first step would be setting
in settings.php and then trying to access your site using the url "https://agujero.net/elgg".
Actually, I think the very first step would be to disable the cache options of your Elgg site in the admin setion of your site (site settings). Then it won't happen that the old url is still included in the cached files. Once you have completed the chances (successfully or not) you could re-enable the cache options again.
After the first test you could also set
as your site url (test again if access to your site works). Now the site url contains the "www" part and it should work with these rewrite rules added to .htaccess
(not sure if the / before elgg needs to be escaped, i.e. maybe it's agujero\.net\/elgg)
If I configure in settings.php the wwwroot without "www" the site dosen't work propertly. Always was...
$CONFIG->wwwroot = "https://www.agujero.net/elgg/";
I have tried disabling all cache options in the web configuration and in the .htaccess but with no luck.
If anyone wants to try to help me (as a paid professional job) they are welcome. I can give FTP and admin access on the web. I do not know what else to do. Thank you!
If you have www in settings.php then it's fully alright to keep it so. I just thought you wouldn't because you posted the site url in your last posting without www.
Then the rules to add in .htaccess should work as I posted anyway. But you should be able to test if https works without first adding the rules in .htaccess as long as you have https also in the wwwroot variable value in settings.php included. Have you tested to visit your site using https? Is it working or not?
The rules in .htaccess are necessary for people trying your site url without https and/or without www. With the rules they always get redirected to the https://www... url of your site.
My domain https://www.agujero.net works fine with the SSL certificate: "It's safe".
Any static Elgg content (like photos) works fine too...
https://www.agujero.net/elgg/photos/thumbnail/14025/master/
But the rest of the web does not accept the SSL certificate and the browsers say "it is not safe".
https://www.agujero.net/elgg
All works very well:
https://www.agujero.net/elgg redirects to https://www.agujero.net/elgg/ and all URLs are safed.
Don't forget clean your browser's cache every time before testing.
- Previous
- 1
- 2
- Next
You must log in to post replies.