How to set HTTPS?

vaso · October 27, 2016, 10:50am

I just want to post this for everyone who want to set https on their site. And you should for better ranking on Google.

Do the following:

First get free ssl > cloudeflare.com (read the tutorials if you cant manage)

do not change config.inc.php file (ssl off) - this should be repaired by developers

Now, thanks to ROB do the following steps:

https://pkp.sfu.ca/support/forum/viewtopic.php?t=13259

find and change code in file: /lib/pkp/classes/core/PKPRequest.inc.php
change code, for version 2.4.8.1. line 358:

function getProtocol() {
		$_this =& PKPRequest::_checkThis();

	/*	if (!isset($_this->_protocol)) {
			$_this->_protocol = (!isset($_SERVER['HTTPS']) || 

strtolower_codesafe($_SERVER['HTTPS']) != 'on') ? 'http' : 'https';
			HookRegistry::call('Request::getProtocol', array(&$_this-

>_protocol));
		}
		return $_this->_protocol; */
		
		if (!isset($_this->_protocol)) {

/* ok first condition is "true" (it aint set) and second is true as its nothing so not 

equal to 'on' so outcome will always be "http" */
/*	So line below removed and replaced by line below as in my setup the server is 

behind a proxy see ZenDesk ticket #3473 by RCP dec 2014 */
/*	HTTP_X Etc. var is something added here to pass on the actual protocol as its 

hidden by the by RCP dec 2014 */
/*	$_this->_protocol = (!isset($_SERVER['HTTPS']) || strtolower_codesafe($_SERVER

['HTTPS']) != 'on') ? 'http' : 'https';	*/
HookRegistry::call('Request::getProtocol', array(&$_this->_protocol));
		} 
$_this->_protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
			return $_this->_protocol;
	}

Regards,
Vaso
metall-mater-eng.com , now https://metall-mater-eng.com

ctgraham · October 27, 2016, 12:53pm

Can you explain what issues you had with just turning on force_ssl in config.inc.php? That should be all that is required.

vaso · November 3, 2016, 1:55pm

I uploaded to last version (2.4.8.-1) thinking that this issue was corrected, but it is not. It should be solved by turning force_ssl in config.inc.php, but it doesn’t work… try it by yourself

ctgraham · November 3, 2016, 2:05pm

I’ve tested both the force_ssl and the force_login_ssl successfully. We’ll need a bit more to go on. Can you share your webserver configuration and config.inc.php configuration (with sensitive information removed)? What did you experience with the force_ssl option turned on?

radjr · March 21, 2017, 6:58pm

Sir, what was the result of this? Does force_ssl work for 2.4.8.1? thanks!

ctgraham · March 22, 2017, 3:40pm

As far as I know, the force_ssl setting works in OJS 2.4.8-1. The only substantiated problem reports have been from users who want to run OJS on a server without an SSL certificate, but behind a proxy server with an SSL certificate. In that case, this directive will not work, but this is a misconfiguration in my mind. SSL should be end-to-end.