1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.4 SSL - How to configure properly?

Discussion in 'XenForo Questions and Support' started by DennisSkov, Nov 11, 2014.

  1. DennisSkov

    DennisSkov Active Member

    Hi,

    I bought a dedicated IP from my host, and I'm now using Flexible SSL from CloudFlare. When first visiting my site through HTTPS, I noticed that stylesheets weren't being loaded because the site tried to load them through HTTP. I fixed this by putting in $_SERVER['HTTPS'] = 'on'; in config.php, but I had to clear the entire cache, active logins, cookies etc. before I could view the page correctly.

    Now, I just had someone tell me that the forum looked weird for her. I saw that the website was still trying to load everything through HTTP on her end (stylesheets couldn't be found), and she wasn't able to connect to HTTPS at all.

    I'm worried that this may have affected more than just her, since I have seen less activity on the forum since I activated HTTPS, but if I change back to HTTP, I have the exact same problem as I did when I changed to HTTPS - I have to clear everything (a reboot of browser/machine doesn't work).

    Can anyone provide me with some instructions on what to do?

    Thanks in advance :)
     
  2. DennisSkov

    DennisSkov Active Member

    Anyone?
     
  3. Mike

    Mike XenForo Developer Staff Member

    SSL is almost entirely external to XenForo. If you setup SSL correctly, you generally won't have to do anything to XenForo. For the most part, your issues relate to the fact that you're only doing SSL for half of the connection: between the user and CloudFlare but not between CloudFlare and your server. If you're going to do the half setup, there will be some potential issues as you basically have to tell the system to use a particular value. I would strongly recommend that you go full SSL (user<->CloudFlare<->server) if you're going to set it up.
     
  4. Solidus

    Solidus Well-Known Member

    Best thing to do is generate a self signed certificate and install it on your domain, Cloudflare will verify it and remove any "potentially" dangerous errors.
     
    Mike likes this.

Share This Page