Better SSL/HTTPS Support

Trent Newton shared this idea 2 years ago
Under Consideration

Better support for SSL would be ideal considering this is where the future of the internet is heading. Currently Koken seems to only half work, especially in the admin console.

Comments (3)

1

I've used SSL from day 1 on a Koken site that I first opened this past November and haven't experienced any issues that have persisted. I don't currently use a cart plugin or anything similar so I have nothing to reference to on that side of things, but I did make a fundamental change to the .htaccess settings file to manage how SSL is initiated. I force SSL on every incoming page request, no matter where it's headed or if it was an internal or external request - and I don't use the default code for using it only during admin login sessions.

The added code takes any request to any valid page/directory that isn't secure - regardless of the server port or the visitor's authentication level - and redirects them all to only use SSL. I left the original comment block intact for reference, and below that is the slightly different directive I added:


    ## Uncomment the following block to force SSL when accessing /admin
    # <IfModule mod_rewrite.c>
    # RewriteEngine On
    # RewriteCond %{REQUEST_URI} /admin/
    # RewriteCond %{SERVER_PORT} 80
    # RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    # </IfModule>
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    </IfModule>


The idea was to force secured pages site-wide and simplify finding and fixing whatever errors would crop up. So far, it has forced all the 'contains non-secure...' asset-type errors to go away for me. I don't know if those are the only errors you or others have experienced, but the change seems to work well for my case. If a theme or plugin uses any CDN based assets that are fed from secure sites (jQuery, FontAwesome, Google Fonts or images, etc.), I think the above code should also silence those errors altogether.
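An added example, not part of the comment above or of Koken's shipped .htaccess: a variant of the site-wide redirect for Apache 2.4 that also handles a TLS-terminating proxy in front of the server, tells returning browsers to skip plain HTTP, and asks browsers to upgrade hard-coded http:// asset URLs. The X-Forwarded-Proto header name and the one-year max-age are assumptions to adjust to the hosting setup.

```apache
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect only when the request is plain HTTP on this server...
RewriteCond %{HTTPS} !=on
# ...and was not already HTTPS at a proxy that terminates TLS upstream.
# Assumption: the proxy sets X-Forwarded-Proto. Drop this line if the
# server is reached directly, since a client can send the header itself.
RewriteCond %{HTTP:X-Forwarded-Proto} !=https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

<IfModule mod_headers.c>
# HSTS: sent on HTTPS responses only; browsers then use HTTPS for a year
# without making the first plain-HTTP request the redirect relies on.
Header always set Strict-Transport-Security "max-age=31536000" "expr=%{HTTPS} == 'on'"
# The redirect does not change http:// URLs embedded in pages. This asks
# the browser to fetch them over HTTPS instead of flagging mixed content.
# It replaces any Content-Security-Policy header set the same way, so
# merge it into an existing policy if the site already sends one.
Header always set Content-Security-Policy "upgrade-insecure-requests"
</IfModule>
```

Behind a proxy the HSTS condition is false on the origin server, so in that setup the header is set at the proxy instead.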

1

Hi, should have clarified that I experienced problems while running under the new HTTP2 protocol and using nginx (not Apache). The front-facing part of the site worked fine, but the admin console wouldn't work properly, such as not applying settings and failing to upload images and load thumbnails. Things worked better when I went back to normal HTTP.

Issue has been looked at here.

Cheers

1

My knowledge of all things nginx is pretty much nil, but after reading your page I'm getting a better understanding. My site is currently running on Litespeed, but for all intents it acts like Apache and takes almost all of the same directives - but - with it being in a shared hosting environment there's no way for domain users like myself to access config files for the web server itself.


The only way that I or others with shared hosts can affect their server are within the minimal choices available via htaccess files or a tightly controlled subset that's settable under cPanel's (or another control panel's) web environment settings. I doubt my provider would have offered your solution as a fix for me if my server setup was the same - so I can see why code changes to Koken core files are the only surefire fix without resorting to server config surgery... which, like me, many users would probably not have access to. It's good to know you found a way around it.


I've already had to switch providers once to gain access to ImageMagick support for Koken's benefit, so I wouldn't have been a happy camper if I had newfound SSL issues after switching too. I'll never do another site without having SSL either, so these issues alone would have turned me away from using Koken (Let's Encrypt support was my only other major requirement before switching).
