1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.3 Problems implementing SSL

Discussion in 'Troubleshooting and Problems' started by Stuart Wright, Sep 24, 2014.

  1. Stuart Wright

    Stuart Wright Well-Known Member

    I've set the board base URL from http://www.avforums to https://www.avforums, but any time a CSS file is called from within a template as an include, it uses css.php with no CDN - and the base URL being http:// breaks it.
    Looks like the manual base board URL is being overridden to http://www.avforums.com, maybe?
    I'm working with Tim @ Nimbus and our coder right now with AVForums down. Any ideas?
  2. Lisa

    Lisa Well-Known Member

    Have you changed your htaccess file to suit?
  3. Mike

    Mike XenForo Developer Staff Member

    If the base href is detecting as http, that would indicate that either the server running PHP wasn't hit with HTTPS (such as if you're using a load balancer/reverse proxy setup) or that there was no environment variable set to indicate this.

    XF expects $_SERVER['HTTPS'] = 'on' to be set (standard in Apache, commonly added in Nginx). You could explicitly set it in config.php if needed.
    Minecraftly likes this.
  4. Stuart Wright

    Stuart Wright Well-Known Member

    Thank you. Chris D says it's a bug in NGINX not sending the https variable through to php in earlier versions. We're running 1.4.1 and he says upgrading will fix it.
  5. Chris D

    Chris D XenForo Developer Staff Member

    I may have been hasty in calling it a bug. It's more like what Mike has said where it just doesn't pass that, which isn't necessarily incorrect.

    There's a way to pass the variable if PHP is used as fastcgi, but that may not be applicable to you.

    We've done this for now.

    There's a small issue this introduces with Gravatar though Mike.

    return (XenForo_Application::$secure 'https://secure' 'http://www')
    $secure is set when Zend Framework is initialised I think, before the config.php file is looked at so it gets the original NULL value.

    I've overridden that Gravatar code to force https://secure. for now.
    Stuart Wright likes this.
  6. MattW

    MattW Well-Known Member

    Upgrading to 1.6.x stable branch will also mean you can use SPDY now you have switched to HTTPS
    Chris D likes this.
  7. Chris D

    Chris D XenForo Developer Staff Member

    I think that's the ultimate driver behind it to be honest.
    MattW likes this.
  8. MattW

    MattW Well-Known Member

    Good choice :)

Share This Page