MyBB Community Forums

Full Version: SSL on MyBB
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
Pages: 1 2
How to extort SSL on MyBB?

Look:

http://omland.pl

https://omland.pl

And why layout is crashed?
You have hotlinking enabled which doesn't allow the https to use the images.
(2014-12-04, 04:52 PM)TheTechFanatics Wrote: [ -> ]You have hotlinking enabled which doesn't allow the https to use the images.

ok, how to extort SSL? engine: nginx
It's because you're using http:// instead of https:// in your Board URL setting ( ACP -> Configuration -> Site Details). Change it.

And to force https, just add a rule in .htaccess:
http://stackoverflow.com/a/4399158
(2014-12-04, 11:44 PM)Destroy666 Wrote: [ -> ]It's because you're using http:// instead of https:// in your Board URL setting ( ACP -> Configuration -> Site Details). Change it.

And to force https, just add a rule in .htaccess:
http://stackoverflow.com/a/4399158

I add on index.php

if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] !== 'on') {
    if(!headers_sent()) {
        header("Status: 301 Moved Permanently");
        header(sprintf(
            'Location: https://%s%s',
            $_SERVER['HTTP_HOST'],
            $_SERVER['REQUEST_URI']
        ));
        exit();
    }
}

and nginx dont working, error log = 0

i more reading code...

example:

 if(!headers_sent()) {
        header("Status: 301 Moved Permanently");
        header(sprintf(
            'Location: https://%s%s',
            $_SERVER['HTTP_HOST'],
            $_SERVER['REQUEST_URI']
        ));
        exit();
    }

and is the same problem

i say more! Smile

edit /etc/nginx/sites* and add this

server {
    listen      80;
    server_name signup.mysite.com;
    rewrite     ^   https://$server_name$request_uri? permanent;
}

and is the same problem, log clear wtf.
Well, I never mentioned editing index.php.. Revert the changes in it.

(2014-12-04, 11:57 PM)Szafi Wrote: [ -> ]edit /etc/nginx/sites* and add this


server {
    listen      80;
    server_name signup.mysite.com;
    rewrite     ^   https://$server_name$request_uri? permanent;
}

and is the same problem, log clear wtf.

This is correct for nginx, but of course you have to change signup.mysite.com to your site.
(2014-12-05, 12:07 AM)Destroy666 Wrote: [ -> ]Well, I never mentioned editing index.php.. Revert the changes in it.


(2014-12-04, 11:57 PM)Szafi Wrote: [ -> ]edit /etc/nginx/sites* and add this



server {
    listen      80;
    server_name signup.mysite.com;
    rewrite     ^   https://$server_name$request_uri? permanent;
}

and is the same problem, log clear wtf.

This is correct for nginx, but of course you have to change signup.mysite.com to your site.

I know...


server
{
    server_name omland.pl www.omland.pl;  
    rewrite     ^   https://$server_name$request_uri? permanent;
    access_log /home/omland/log/access.log;  
    error_log /home/omland/log/error.log;
    root /home/omland/www;
  
    index index.php index.html index.htm;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
ssl_prefer_server_ciphers on;
  
  
    # use fastcgi for all php files
    location ~ \.php$
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
  
    # deny access to apache .htaccess files
    location ~ /\.ht
    {
        deny all;
    }


}
Well:
1. You still didn't change the Board URL in the settings to https.
2. Try this code instead:
server
{
    listen 80;
    listen [::]:80;
    listen 443 default_server ssl;
    server_name omland.pl www,omland.pl;

    access_log /home/omland/log/access.log;  
    error_log /home/omland/log/error.log;
    root /home/omland/www;
  
    index index.php index.html index.htm;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RS​A+RC4:!MD5;
    ssl_prefer_server_ciphers on;
  
  
    # use fastcgi for all php files
    location ~ \.php$
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
  
    # deny access to apache .htaccess files
    location ~ /\.ht
    {
        deny all;
    }

    if ($scheme = http)
    {
        return 301 https://omland.pl$request_uri;
    }
}
(2014-12-05, 01:09 AM)Destroy666 Wrote: [ -> ]Well:
1. You still didn't change the Board URL in the settings to https.
2. Try this code instead:

server
{
    listen 80;
    listen [::]:80;
    listen 443 default_server ssl;
    server_name omland.pl www,omland.pl;

    access_log /home/omland/log/access.log;  
    error_log /home/omland/log/error.log;
    root /home/omland/www;
  
    index index.php index.html index.htm;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:EECDH+RC4:RSA+RC4:!MD5;
    ssl_prefer_server_ciphers on;
  
  
    # use fastcgi for all php files
    location ~ \.php$
    {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
  
    # deny access to apache .htaccess files
    location ~ /\.ht
    {
        deny all;
    }

    if ($scheme = http)
    {
        return 301 https://omland.pl$request_uri;
    }
}


Quote:[email protected]:~# service nginx restart
Restarting nginx: nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
nginx.

site is offline
Remove
listen [::]:80;
or change it to
listen [::]:80 ipv6only=on;
Pages: 1 2