Optional SSL in TYPO3 - ssl

I want to make our TYPO3 v4.5 website accessible by HTTP and HTTPS. I already configured SSL for Apache and requesting the main page displays it... partially.
The baseurl within the page links to my http-site (and is not a https-URL), and therefore the browser won't load the css files, because they come from an unsafe part of my domain.
I believe I could switch my whole site to HTTPS, but don't want it. I would like that when the site is called by HTTP, all URLs are generated as http:// and when called over SSL, all urls should be generated as https:// URLs.
Did anybody achieve something like that?

Use a TypoScript condition to output the base URL dependent on the used protocol:
config.baseURL = http://example.com
[globalString = ENV:HTTPS=on]
config.baseURL = https://example.com
[global]
That's a bit ugly (as both variants will not share caches), but Protocol-relative tags are not possible. The only alternative (to baseURL) is config.absRefPrefix.

Related

How to ensure my website loads all resources via https?

URL in question: https://newyorkliquorgiftshop.com/admin/
When you open the above page, you can see in the console that there are lots of error messages saying "...was loaded over HTTPS, but requested an insecure stylesheet.."
This website was working well until all of a sudden this problem shows up. I am not very familiar with https, but I have contacted with Godaddy and the SSL certificate is valid, and there is no obvious problem with "https://newyorkliquorgiftshop.com". And I am stuck here, I've some experiences with HTTPS website before, if the URL of website's homepage is "https", then every resources it loads is via "https" too. I don't know why my website behave differently and I don't know where to start to solve the problem? Any hint is appreciated especially articles about HTTPS that is related to my problem.(I have done a brief research regarding HTTPS but most of the articles I found are about the basic concepts.)
If you have access to the code (not sure what you built the website using), try using https instead of http for the URL's you use to load your style sheets and script files.
For example one of the errors is
Mixed Content: The page at 'https://newyorkliquorgiftshop.com/admin/' was loaded over HTTPS, but requested an insecure script 'http://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js'. This request has been blocked; the content must be served over HTTPS.
You are requesting the .js file using HTTP, try using HTTPS like so:
https://www.newyorkliquorgiftshop.com/admin/view/javascript/common.js

setting up an SSL site with multiple bindings in IIS 8.5

I am hoping you can help. I have 5 websites that run off the same .net code base and have different themes based on the url.
For example, http://site1.mydomain.co.uk is set up so that it does a http redirect to https://site1.mydomain.co.uk and I have the main SSL IIS entry as mydomain.co.uk with a wildcard SSL certificate and bindings for https://site1.mydomain.co.uk.
The issue I have though is when I put the http redirect on one of the other urls, all of them change to the last one entered. If that makes sense?
So, let's say I have just finished the site1.mydomain.co.uk entry and now move onto site2.mydomain.co.uk. I create the https://site2.mydomain.co.uk binding in the main mydomain.co.uk IIS record and then put a http redirect on http://site2.mydomain.co.uk so that it redirects to https://site2.mydomain.co.uk.
If I then go and check the previous record, site1.mydomain.co.uk the redirect has now changed to https://site2.mydomain.co.uk which is not what I wanted. Why is it doing this and how can I prevent this?
Is there any chance you're using the same folder in the filesystem for all 5 websites?
In IIS, the HTTP Redirect settings are stored in a web.config file in the folder you're serving from, so if you were serving all 5 sites from the same folder then they would all have the same settings, i.e. changing the settings for one of them would change it for all of them.
That being said, I strongly recommend that you use URL Rewrite to do http to https redirects. Doing the redirect in this way is compatible with having 5 sites served from the same folder. You can install it from here (WARNING: the install requires an iisreset, i.e. a brief downtime for your site): http://www.iis.net/downloads/microsoft/url-rewrite
After installing URL Rewrite, you can create a rule to do the redirect. Stack Overflow won't let me post the screenshot here, so I uploaded it to here: http://postimg.org/image/4s4vjajs3/cf4f5c08/
Also, if you're using a wildcard certificate, then doing the redirect in this way might remove your need for having 5 different websites.

External sites link https issue

I have a video website which I recently changed from http to https.
i.e http://example.com to https://www.example.com.
And I have also made an htaccess entry to automatically 301 redirect all http urls to https.
The old video embed code links given to external customer sites are like :
<script scr="http://example.com/embed_script.js"></script>
Some customer websites also changed to http to https. In those https websites the above link with http protocol won't work because of mixed content. I have no control over the customer sites to change those urls to https. Any automatic redirect solution exists for this ?
You can't fix this unless you get them to use https. You could perhaps locally cache a copy as a workaround, but I've never done that.

SSL on wordpress with non-SSL elements

I have a website built using by default using Http protocol , and I'd like to turn it to HTTPS for security purposes.
But, I have a lot of articles (more than 1000) with non-ssl elements like iframe, images from other sites etc...
How can I make it works? I see that CSS and JS are not loading because it use the HTTP link...
I know I can change the header, it's easy but what about these articles?
Is there a plugins that convert http:// to https// ?

In apache, if i go to https://example.com, all images/links are http://. Is there way to auto rewrite the html so it's all https://?

I'm sure i've seen a feature in apache that can rewrite urls so you can point domain2.com at domain1.com and it rewrites everything domain1.com to domain2.com on the fly.
is there a similar thing for https?
In apache, if i go to https://example.com, the page itself is over https, but all images/links are http://. Is there way to auto rewrite the html so its all https://?
(it's running zen cart by the way)
Try this:
Using a protocol-independent absolute
path:
<img src="//domain.com/img/logo.png"/>
If the browser is viewing an page in
SSL through HTTPS, then it'll request
that asset with the https protocol,
otherwise it'll request it with HTTP.
This prevents that awful "This Page
Contains Both Secure and Non-Secure
Items" error message in IE, keeping
all your asset requests within the
same protocol.
Unless you use absolute URLs everyhwere, this should work "automagically". So you only need to check two things:
use relative URLs to point to resources on your own server and
make sure you're not using <base href="http://something">
You can just link to /path/to/page.html instead of http://example.com/path/to/page.html. That way, if it's HTTP it'll stay HTTP, and if it's HTTPS it'll stay HTTPS.
If Zen Cart is adding the domain to all links, though, you'll need to edit the software.
The apache module you referenced is called mod_rewrite, and yes it can handle what you are asking for, although I agree with the above answers that using a protocol independent path is the best solution.