Joomla ssl problem - apache

I have a site on joomla and I want to make some specific pages works by secure connection ,
other by simple http connection. Is there some step-by-step manual how to setup apache and joomla for such needs.

You must create a two Apache configuration for this site. One for port 80 (http), and the other for 443 (https). In the settings menu in the admin panel to specify "ssl enabled" to the desired value.

There's a Joomla Plugin called SSL Redirect plugin by Yireo software that might simplify the setup if some parts of the site are SSL and some not.
http://joomlawebhosting.ca/joomla-15-tips/63-joomla-ssl-https-setup.html
http://www.joomlahackers.net/joomla-tutorials/how-to-setup-ssl-in-a-joomla-site.html
http://www.joomlahackers.net/virtuemart-tutorials/how-to-setup-ssl-in-virtuemart-in-a-joomla-site.html

Related

SSL certicicate not working in cpanel

Im using hostgator as my host.They do not provide free ssl certificate.So im using cloudflare free ssl certificate for my site.SSL certificate working everywhere except Cpanel.
I tried manually adding ssl through cpanel option.But not really working!Is there any way i can add it there?
Or it will be really good if my cpnael url cpanel.site.com won't just show up to that address.
If you want to use the CloudFlare SSL certificate then there is no need to add that SSL certificate to yoru cpanel nor to your site. Read the cloudflare documentation in order to see how to create and use Page Rules and their SSL certificate. cPanel has nothing to do with it. CF works just fine with cPanel/WHM and pretty much with any other related hosting panel. Your site can be http only in cPnel and then you do the HTTPS redirection from Clouflare using their Flexible SSL and page rules
cpanel.yourdomain.com ssl is related to server side. If your host allow autossl with Let's Encrypt (for example) then it will install ssl for all your necessary subdomains like webmail, cpanel, mail, www etc. If you are installing ssl manually, then you cannot install it for cpanel subdomain. However if you want to use cpanel securely and have enabled ssl with yourdomain.com the you can use it:
https://yourdomain.com:2083

apache redirect to SSL configured site

I am trying to setup a gitlab repository and I am quite new to the web server side of things. My setup is the following:
I have an apache server which is running my main website on port 8080.
I have the gitlab configured with SSL and Nginx and running on port 2443.
At the moment, the gitlab site can be accessed through https://www.example.com:2443.
What I would like to do is setup a redirect through my apache server where if someone comes to http://www.example.com/gitlab or https://www.example.com/gitlab, they get redirected to ``https://www.example.com:2443` (preferably without the web browser text field changing).
Could this be done easily with Apache? Also, since the redirect is to an SSL site, any special things we need to consider?
You can try adding the redirect directive to your Apache VirtualHosts (8080 and 443).
Redirect permanent /gitlab https://www.example.com:2443

Connection Partially Encrypted in Firefox :SSL

I have uploaded my SSL certificates to IAM purchased from Comodo and evrything looks fine in chrome and opera. But mozilla is giving an error: "Connection Partially encrypted". I am not able gauge why this is happening.
Link : https://www.advisorcircuit.com/
Please tell me what is the possible culprit for this?
and also i want to know , how can i redirect my users to HTTPS ebven if they type http as even if i type http the website loads and opens.
I am using AWS t2.medium instance. So is there any configuration i need to do in my console??
Redirection:
You have a few options:
Block HTTP traffic, only allow HTTPS on the Security Group level ( Not the nicest solution.
Use an Elastic Load balancer, Listening only on HTTPS port. ( Same as above)
The webserver ( most of them like Tomcat, IIS, etc) supports a redirection, so it sends back "HTTP/1.1 301 Moved Permanently", then the client browser does the call again on HTTPS.
If you use Elastic Load Balancer with SSL termination ( which is a good practice, less load on your server, easier setup of the SSL Certificate). Then all your traffic inside your VPC goes on port 80. In this case you need to setup your webserver to redirect differently. Instead of the incoming port, the trigger for the redirection should be the based on the "X-Forwarded-Proto" header value, which is the original protocol what the client is using.
For production environment the last setup is an AWS Best practice. ( Of course there are also other solutions)
Your site is running Apache/2.2.29. You can redirect your virtual host traffic from 80->443 in Apache itself. That way if someone goes to http://www.yourdomain.com then get redirected to https://www.yourdomain.com
ServerFault has an post explaining how to use Apache mod_rewrite to accomplish this
https://serverfault.com/a/554183/280448
Also you need to adjust the SSL cipher suites that your site accepts. Your ELB has an option to change cipher suites and you can deselect some there. The two you definitely want deselected are RC4 and SSL3.
Here's the full report if you want to make more changes
https://www.ssllabs.com/ssltest/analyze.html?d=www.advisorcircuit.com&s=52.7.154.196&latest

use of https only for certain pages does not work

I tried to follow the following stackoverflow answer with no luck
Use HTTPS only for certain pages in servlet based webapp
Here is what i did, created a self signed cert, installed it in tomcat, my entire website works on https. Then i followed the link above to make my login alone https. When i click on login page, the url takes to https://mywebsite.com:8443/signin.htm. I have started my SSL Connector on 443, why is it trying to connect to 8443?
The issue was the redirects in the Connector tag. In server.xml, i had 2 connector, for http(80) and https(443). But the redirect attribute in those connector was set to 8443. I think this means, when the page is on http(80), and according to web.xml we are asking it to goto secure page for example for login then it looks at redirect attribute of http(80) connector. I changed this to 443 and it worked fine.

ssl + nginx + apache + php: links are still displayed as http, not https

I am using VBulletin Suite 4.1.4., which is written using PHP and nginx+apache setup (nginx as the front end server and Apache as the back-end server). This is a pretty standard "nginx+apache" configuration with nginx working on port 80 and apache on port 8080. I tried to enable https support and ran into the following problem.
As I read on the web, when one uses "nginx+apache" and wants to have https, he should configure ssl only for nginx server. So, I added required lines into nginx vhost configuration
listen 443;
server_name myserver.org;
ssl on;
ssl_certificate /tmp/myserver.crt;
ssl_certificate_key /tmp/myserver.key;
When I type https://.... the vBulletin forum opens in secure connection and the lock in the right bottom corner of the browser confirms it, so it looks like my settings work. At least to some extent.
But when I bring the mouse over links on the page, these links are showed as http links, not https. So, if I want to stay in secure connection, I can of course add the letter "s" manually each time I open a new page, but normally when you open forum as https://... all displayed links should automatically change to https.
Any ideas why this does not happen?
Even the answer where the problem lies - (a) in nginx configuration, or (b) in apache configuration or (c) in vbulletin configuration would help.
Thanks in advance!
The problem is that vBulletin running on apache detects the HTTP protocol, not HTTPS. But, you can change vbulletin settings in the admin panel in the following way:
Forum URL to 'https://your-site.name'
Always use Forum URL as Base Path to 'yes'