I run Cloudflare on my site and use the SSL on flexible since I do not have an SSL cert on my origin server.
I have set my site URLs to handle https in the config file.
Refreshing takes about 15-30 seconds since it's trying to request a resource but the resource gives an 522 error.
![[Image: xqnamx.png]](https://camo.mybb.com/97a4b80e8c4bc03abc7e4c2541fcbe3255211235/68747470733a2f2f752e706f6d662e69732f78716e616d782e706e67)
It still serves over http.
That is not the only file which has that problem.
Disabling all plugins doesn't change anything.
I have Cloudflare set to always use https.
It's because you're using http:// instead of https:// in your Board URL setting ( ACP -> Configuration -> Site Details). Change it.
If you want to go one step further then edit head include template and edit "http" to "//"
(2016-04-12, 07:01 PM)Donald_Duck Wrote: [ -> ]It's because you're using http:// instead of https:// in your Board URL setting ( ACP -> Configuration -> Site Details). Change it.
If you want to go one step further then edit head include template and edit "http" to "//"
Check again what I said.
"I have set my site URLs to handle https in the config file."
![[Image: smhsby.png]](https://camo.mybb.com/5fd0b01eab44b5485aa4c32413ae8402448da822/68747470733a2f2f752e706f6d662e69732f736d687362792e706e67)
Ok, what about this "If you want to go one step further then edit head include template and edit "http" to "//" "!
(2016-04-12, 07:25 PM)Donald_Duck Wrote: [ -> ]Ok, what about this "If you want to go one step further then edit head include template and edit "http" to "//" "!
You mean headerinclude?
and the resource isn't even there.
Assuming you meant that I should change all my resources to be like this:
href="//stuff.com"
and I already have everything else set to https.
In order to have all resources secured you will need to filter user content as well - there's the
DVZ SC plugin, or a more advanced solution:
http://community.mybb.com/thread-162572.html
The browser console and the
Output template start/end comments? option in
Server and Optimization Options might help trace the locations of insecure resources;
you can also use the
Search/Replace functionality in Templates (CSS sheets will have to be searched manually).
(2016-04-12, 07:45 PM)Devilshakerz Wrote: [ -> ]In order to have all resources secured you will need to filter user content as well - there's the DVZ SC plugin, or a more advanced solution: http://community.mybb.com/thread-162572.html
The browser console and the Output template start/end comments? option in Server and Optimization Options might help trace the locations of insecure resources;
you can also use the Search/Replace functionality in Templates (CSS sheets will have to be searched manually).
I know about securing user content, I'll do that after I've gotten my own system secured v.v
I've got other broken SSL errors fixed.
The only ones giving me problems now are:
/admin/styles/default/images/icons/user.png
and
/admin/styles/default/modal.css
For some reason they're loaded over HTTP, though I have no idea of where to force it to load over HTTPS.
(2016-04-12, 08:01 PM)Kekko Wrote: [ -> ] (2016-04-12, 07:45 PM)Devilshakerz Wrote: [ -> ]In order to have all resources secured you will need to filter user content as well - there's the DVZ SC plugin, or a more advanced solution: http://community.mybb.com/thread-162572.html
The browser console and the Output template start/end comments? option in Server and Optimization Options might help trace the locations of insecure resources;
you can also use the Search/Replace functionality in Templates (CSS sheets will have to be searched manually).
I know about securing user content, I'll do that after I've gotten my own system secured v.v
I've got other broken SSL errors fixed.
The only ones giving me problems now are:
/admin/styles/default/images/icons/user.png
and
/admin/styles/default/modal.css
For some reason they're loaded over HTTP, though I have no idea of where to force it to load over HTTPS.
oh my god, just change http:// into https://
(2016-04-12, 09:44 PM)Aiko Wrote: [ -> ] (2016-04-12, 08:01 PM)Kekko Wrote: [ -> ] (2016-04-12, 07:45 PM)Devilshakerz Wrote: [ -> ]In order to have all resources secured you will need to filter user content as well - there's the DVZ SC plugin, or a more advanced solution: http://community.mybb.com/thread-162572.html
The browser console and the Output template start/end comments? option in Server and Optimization Options might help trace the locations of insecure resources;
you can also use the Search/Replace functionality in Templates (CSS sheets will have to be searched manually).
I know about securing user content, I'll do that after I've gotten my own system secured v.v
I've got other broken SSL errors fixed.
The only ones giving me problems now are:
/admin/styles/default/images/icons/user.png
and
/admin/styles/default/modal.css
For some reason they're loaded over HTTP, though I have no idea of where to force it to load over HTTPS.
oh my god, just change http:// into https://
and where would I do that smartypants?
inside the the template where its requesting it from? Inspect element is a great tool