Google and Firefox are planning to deprecate non secure sites that use http. Google are also talking about lowering the search rankings of non secure sites.
How can I use https on my Dolphin and non-dolphin websites?
Any and all advice would be gratefully received!
Stuart
There are none so blind as those that will not see. |
To be clear, that deprecation issue is a long ways off. But Dolphin does currently work with HTTPS, but it's a bit spotty at the moment. You'll need to edit /inc/header.inc.php and update the URL and the header redirect lines, as both use hard-coded HTTP. The Flash apps may also require some hacks to work.
These should be fixed in Dolphin 7.2 - the header issue is already fixed in Trac.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
So we can't simply set up an SSL certificate, if we do something will break? |
When I did my D7.0.9 site a few years ago, I used the search tool in Dreamweaver to check for every instance of "http" in the code files and where appropriate I changed it to "https". Make sure you back everything up. It didn't take that long as I remember but don't rush it... you'll need to take a good look at the code to ensure you're only making "http" > "https" changes where you need to. Then use a browser tool to check for insecure pages... Firefox (Chrome?) has an extension you can add that does the task very well. http://pkforum.dolphinhelp.com |
As Nathan pointed out, all you need is to do the following changes in inc/header.inc.php file:
...
$site['url'] = "https://you-dolphin-site.com/";
...
if ( isset($_SERVER['HTTP_HOST']) and 0 != strcasecmp($_SERVER['HTTP_HOST'], $aUrl['host']) and 0 != strcasecmp($_SERVER['HTTP_HOST'], $aUrl['host'] . ':80') ) {
header( "Location:https://{$aUrl['host']}{$_SERVER['REQUEST_URI']}" );
exit;
}
...
and install SSL certificate for you site
Rules → http://www.boonex.com/terms |
Done the changes to the header.inc but the SSL lock shows only in main page and in the admin area but not in Join.php and not inside the site , so what i doing wrong please ? i want to enforce the ssl on whole site ! Proud Hosted by Zarconia.net |
Did you clear all caches after the change ?
Done the changes to the header.inc but the SSL lock shows only in main page and in the admin area but not in Join.php and not inside the site , so what i doing wrong please ? i want to enforce the ssl on whole site !
Rules → http://www.boonex.com/terms |
Yep done that , my host said that in some pages has outsider resources on the page ! For example in join.php i had deano facebook but it was starting with http , so changed that to https and the ssl lock shows now in join.php but do i have to do all of this to everypage in dolphin that has an outside thing , that will be crazy lol, is there a way to not do it manually !
Proud Hosted by Zarconia.net |
One more thing when activating https on my site, all youtube video stops working ! if i want the youtube video to work for example in my firefox browser i have to disactivate the ssl protection then i can view the video ! anyway to work this out ! Proud Hosted by Zarconia.net |
Please make sure that you are using the latest 7.1.5 version, old versions had http hardcoded in some places. Rules → http://www.boonex.com/terms |
I'm using latest version man !
I'll give you an example, when i switched my site to https , youtube stop working , so i had to follow this instruction to make it work with https check it out : ( Man dolphin needing lot of work ) i'm telling you.
On modules/boonex/videos/classes/BxVideosConfig.php - you can try changing:
if(!defined("YOUTUBE_VIDEO_PLAYER")) define("YOUTUBE_VIDEO_PLAYER", '<object width="100%" height="344" style="display:block;"><param name="movie" value="https://www.youtube.com/v/#video#&rel=0&color1=0xb1b1b1&color2=0xcfcfcf&feature=player_embedded&fs=1#autoplay#&iv_load_policy=3&showinfo=0"></param><param name="allowFullScreen" value="true"></param><param name="wmode" value="#wmode#"></param><embed src="https://www.youtube.com/v/#video#&rel=0&color1=0xb1b1b1&color2=0xcfcfcf&feature=player_embedded&fs=1#autoplay#&iv_load_policy=3&showinfo=0" type="application/x-shockwave-flash" allowfullscreen="true" width="100%" height="344" wmode="#wmode#"></embed></object>'); if(!defined("YOUTUBE_VIDEO_EMBED")) define("YOUTUBE_VIDEO_EMBED", '<object width="425" height="344" style="display:block;"><param name="movie" value="https://www.youtube.com/v/#video#&rel=0&color1=0xb1b1b1&color2=0xcfcfcf&feature=player_embedded&fs=1#autoplay#"></param><param name="allowFullScreen" value="true"></param><param name="wmode" value="#wmode#"></param><embed src="https://www.youtube.com/v/#video#&rel=0&color1=0xb1b1b1&color2=0xcfcfcf&feature=player_embedded&fs=1#autoplay#" type="application/x-shockwave-flash" allowfullscreen="true" width="425" height="344" wmode="#wmode#"></embed></object>');
After done do changes youtube works fine now , so this doesn't exist in 7.1.5 version !
Proud Hosted by Zarconia.net |
Thank you for pointing this out, I've checked in dev version and it's fixed there already:
http://www.boonex.com/trac/dolphin/ticket/3507
After done do changes youtube works fine now , so this doesn't exist in 7.1.5 version !
Rules → http://www.boonex.com/terms |
dolphin works great with https - besides making the already mentioned changes to the /inc/header.inc.php file - you must also add this to your .htaccess file:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
caredesign.net |
Got all of that thanks, i'm using mod evowall and when i post a link with http on it , the SSL lock next to https turn to grey and i know cause of displaying an outsider link , but is this normal ? for example in facebook even if you post an http link the Lock stay next to https and it never go into warning mode...
is there a way to sort this out ?
Proud Hosted by Zarconia.net |
I think you need to contact author of this mod
Got all of that thanks, i'm using mod evowall and when i post a link with http on it , the SSL lock next to https turn to grey and i know cause of displaying an outsider link , but is this normal ? for example in facebook even if you post an http link the Lock stay next to https and it never go into warning mode... is there a way to sort this out ?
Rules → http://www.boonex.com/terms |
Alex sometimes we have to figure out things ourselves lol, sorted half of it in evowall, still sorting some > but thanks :) Proud Hosted by Zarconia.net |
Somehow I can't seem to fix the youtube issue.
Tried changing the url's to https, but no result. Also tried clearing the caches...
Any ideas?
|
Fixed by my host: Zarconia :)
Changed something in TinyMCE.
|
After I made the necessary changes as stated in this post;
I also had to make the following changes to banners and any image that was located externally to the page was https://, for example; Quantcast Traffic Measuring had to be changed from a http:// link to https:// and then checked the external source was https ready too.
Bit of a pain but now the whole site is fully SSL now.
Cheers for the posts on here :)
dolphin works great with https - besides making the already mentioned changes to the /inc/header.inc.php file - you must also add this to your .htaccess file:
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
|
These situations on Apache are best handled by the redirect directive on the http / port 80 virtual host and not the .htaccess
<VirtualHost *:80> ServerName example.com ServerAlias www.example.com Redirect permanent / https://example.com </VirtualHost>
|
As Nathan pointed out, all you need is to do the following changes in inc/header.inc.php file:
...
$site['url'] = "https://you-dolphin-site.com/";
...
if ( isset($_SERVER['HTTP_HOST']) and 0 != strcasecmp($_SERVER['HTTP_HOST'], $aUrl['host']) and 0 != strcasecmp($_SERVER['HTTP_HOST'], $aUrl['host'] . ':80') ) {
header( "Location:https://{$aUrl['host']}{$_SERVER['REQUEST_URI']}" );
exit;
}
...
and install SSL certificate for you site
spasibo
|
Im thinking of leaping on the SSL ship as well, with 7.3
Are there any more bugs or things to pay careful attention to in order to NOT screw anything up?
I think I heard that SSL slows site speed, so I would like to ask is it a major decrease in site speed or barely noticeable?
Ultra Newb reporting for duty. |
Same two questions as JUN10R. |
1. There are no any know problems with https in 7.3 version
2. On modern equipment it's hardly noticed, but establishing connection could slow down site opening for a second or two if there is slow ping (500-1000ms).
1. Are there any more bugs or things to pay careful attention to in order to NOT screw anything up?
2. I think I heard that SSL slows site speed, so I would like to ask is it a major decrease in site speed or barely noticeable?
Rules → http://www.boonex.com/terms |
Thank you kind sir!
1. There are no any know problems with https in 7.3 version
2. On modern equipment it's hardly noticed, but establishing connection could slow down site opening for a second or two if there is slow ping (500-1000ms).
1. Are there any more bugs or things to pay careful attention to in order to NOT screw anything up?
2. I think I heard that SSL slows site speed, so I would like to ask is it a major decrease in site speed or barely noticeable?
Ultra Newb reporting for duty. |
The hit in speed comes from the encryption of the page; it has to be encrypted before the webserver sends it out on the net. I don't know what Google (it is all about the money) is planning on doing but the only parts of a site that needs to be encrypted is sensitive data; do we really need to secure that kitten video? I know that YouTube is now https and that really is silly; what sensitive data is in that kitten video? Geeks, making the world a better place |
Unless Google is sending someone over 10,000 new visitors a day, I don't understand why small-time webmasters let themselves get dictated to by a corporate giant?
Concentrate on website content and the people will get you noticed.
Michel on Meta-Travel.com
TravelNotes.org - The Online Guide to Travel |
I edited the header.inc.php and got the error message with a red line around it:
Something went wrong! Please try reloading the page.
reverting back to the original file and the same error message is there, both in the main page and the admin. I deleted the cache, still there. Anyone have any idea what I did wrong?
|
I edited the header.inc.php and got the error message with a red line around it:
Something went wrong! Please try reloading the page.
reverting back to the original file and the same error message is there, both in the main page and the admin. I deleted the cache, still there. Anyone have any idea what I did wrong?
Yes, very useless message. Boonex decided to change the database error message but instead of saying something useful; such as "There was a database error; contact the site administrators" we get the message about refreshing the page which won't solve the issue.
You can turn on full error reporting; that changed as well so I would have to look it up to tell you where; if you need it I will hunt for it. However, usually if you have error reporting email set up when you installed Dolphin, it should have sent the database error message to that email address. If you don't understand the error message then you can post the first part of it here; don't do the full backtrace, and we can help.
Geeks, making the world a better place |
Thanks, Geek Girl. I ended up deleting these files and reinstalling, ran into the problem I described in the other post but solved it by deleting a few lines in the htaccess file referring to php5. |