XF 1.5 https is breaking my forum

[tribedude]

I have not been able to get https to work properly on my forum and I don't know why. It completely removes all the board formatting on the site, and many users, including myself, are now automatically being directed to the https URL by chrome. I am worried that people visiting the forum for the first time are seeing the broken layout and leaving. At this point I don't even know how to browse my own forum with http as it is continuously defaulting to https in chrome.

I have consulted Brogan's thread about enabling https here:
https://xenforo.com/community/resources/how-to-implement-ssl-to-secure-http-traffic-https.5425/

The certificate is on the server but I am not really a programmer and the thought of re-writing any URLS sitewide to force it to work on a big board is pretty scary, if this is something I need to do.

1) Is this something simple I can fix myself to get the Xenforo formatting back in place
2) Or, if not what needs to be fixed (so I can ask my programmer guy to do it exactly).



Thanks,

 

[tribedude]

Strangely, my admin CP looks perfect on https, but not the public facing parts of the forum.

 

[Mike]

How have you implemented HTTPS? Is it on your server itself, or is there a reverse proxy or something doing SSL termination? (If it's the latter, then the request isn't actually hitting your server via SSL so we don't detect that automatically -- there is some code that can be added if you intend to force SSL though.

If you've actually implemented SSL within Apache and the requests are going direct to your server like that, then I haven't seen a situation where this happens.

 

[tribedude]

I will have to check into this with my system admin dude!

 

[Jake B.]

Are you using CloudFlare flexible ssl? If so, you'll need to add this to your config.php:

$_SERVER['HTTPS'] = $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';

Apache/nginx doesn't know it's being visited through https because only the connection between the client and CF is encrypted, it's using regular http between CF and your server. It'd be better to use their full SSL option which requires you to setup an SSL on your server as well, but it will encrypt end to end instead of only between client and CloudFlare

 

[tribedude]

We aren't using Cloudflare as far as I know. .

My administrator says:

"I believe it’s because the CSS and the images aren’t getting loaded over HTTPS, and most browsers will refuse to load mixed content."

 

[Mike]

My administrator says...

He's correct as to what's happening, but the questions I asked were to identify the why and thus to fix it.

Do you know how SSL was set up? Has it been done in Apache directly and is there a reverse proxy, load balancer, etc intercepting the request?

 

[tribedude]

Let me get back to you on this.

 

[tribedude]

He says "Apache directly. No reverse proxy."

We are hosting it on Digital Ocean

 

[Mike]

I've never run into Apache behaving this way. This is specifically indicating that the "HTTPS" variable is not being passed to PHP. I would recommend investigating why that is if possible. That should resolve it.

If it's not possible, you need to use .htaccess to force all requests to the SSL version of the site, then you can add the following to your library/config.php file:

$_SERVER['HTTPS'] = 'on';

 

[tribedude]

We have resolved this, thank you.