14

I wanted to change my site from http to https. Always.

So I configured my apache accordingly. Now when I enter the URL of my site (https://steamnet.de) it loads the index site fine but none of the referenced elements (CSS, images etc.)

It seems to me that it does so because the base href is set to http://steamnet.de/ and thous does not use https there. I have configured my firefox that it should not load mixed content.

So how can I tell Joomla to set the base href to https://steamnet.de (or otherwise make the site fully ssl?)

I tried to set the global ssl enforce element of joomla configuration ("SSL erzwingen" in german, $force_ssl in configuration.php) to "everything" but then the site breaks with infinite 303 error redirecting to itself. (As an afterthought: I was surprised to find a 303 instead of 301 here. If someone could explain that I would be grateful)

(Laoneo suggested some solutions, that did not work out, for completeness here is the list)

  1. configure $live_site to the https url.
  2. probe if changing $sef and $sef_rewrite helps.

The apache logs: access.log

91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 4854 "-" "Mozilla/5.0 (Gecko) Firefox/64"
91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 516 "-" "Mozilla/5.0 (Gecko) Firefox/64"
91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 516 "-" "Mozilla/5.0 (Gecko) Firefox/64"

error.log contains nothing on access, but the following lines on reload

[Sun Nov 03 12:41:16 2013] [notice] Graceful restart requested, doing restart
[Sun Nov 03 12:41:16 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Sun Nov 03 12:41:17 2013] [warn] RSA server certificate CommonName (CN) `Angelo Neuschitzer' does NOT match server name!?
[Sun Nov 03 12:41:17 2013] [notice] Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze17 with Suhosin-Patch proxy_html/3.0.1 mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations
4

4 回答 4

23

对不起,但我认为当前的答案并不正确。这个答案促进了黑客攻击并解决了这个问题。下次更新 Joomla 时,您必须更新核心文件,因为它将被覆盖。

实际上,如果我们在 getInstance 中查看 JURI 的代码,我们可以看到:

// Determine if the request was over SSL (HTTPS).
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
{
        $https = 's://';
}
else
{
        $https = '://';
}

问题是为什么有 $_SERVER['HTTPS'] 显然没有初始化的服务器。虽然我不能告诉你为什么,但我发现在开始时将这些行添加到 .htaccess 文件中:

<IfModule mod_env.c>
   SetEnv HTTPS on
</IfModule>

通过这样做 $_SERVER['HTTPS'] 似乎已初始化,Juri::current 将返回我们所期望的 - 一个以 https 开头的 url。

于 2015-05-19T11:12:21.123 回答
7

检查您的 configuration.php 文件中的 *$live_site* 变量并将其更改为您的 https 地址。

于 2013-11-02T13:08:36.273 回答
5

注意:这是一个黑客。请先测试Daniel Dimitrovs 的答案。如果有效,请在此处给我留言。

我找到了解决办法。

在文件中includes/application.php,我更改了以下块

if($router->getMode() == JROUTER_MODE_SEF) {
   $document->setBase(JURI::current());
}

至:

if($router->getMode() == JROUTER_MODE_SEF) {
   $document->setBase(JURI::root());
}

我不知道为什么JURI::current()返回httpURL 而不是 ahttps但是在更改之后站点按预期工作。

小心:在更改之后,管理员部分被破坏,直到我禁用force_ssl. configuration.php我通过我的 apache 配置强制执行 SSL,所以这对我来说不是问题。

于 2013-11-03T20:33:01.953 回答
0

完全删除<base>标签应该可以解决您的问题。您可以在index.php模板文件中执行此操作,如下所示:

$doc = JFactory::getDocument();
unset($doc->base);

由于这不是核心黑客,因此它将是升级证明。但是,如果您使用主题商店中的模板,并选择将来升级模板,您可能需要重新添加代码。


参考:

于 2017-06-06T15:20:46.490 回答