How to set HTTPS?

I just want to post this for everyone who want to set https on their site. And you should for better ranking on Google.

Do the following:

First get free ssl > (read the tutorials if you cant manage)

do not change file (ssl off) - this should be repaired by developers

Now, thanks to ROB do the following steps:

  1. find and change code in file: /lib/pkp/classes/core/

  2. change code, for version line 358:

function getProtocol() {
		$_this =& PKPRequest::_checkThis();

	/*	if (!isset($_this->_protocol)) {
			$_this->_protocol = (!isset($_SERVER['HTTPS']) || 

strtolower_codesafe($_SERVER['HTTPS']) != 'on') ? 'http' : 'https';
			HookRegistry::call('Request::getProtocol', array(&$_this-

		return $_this->_protocol; */
		if (!isset($_this->_protocol)) {

/* ok first condition is "true" (it aint set) and second is true as its nothing so not 

equal to 'on' so outcome will always be "http" */
/*	So line below removed and replaced by line below as in my setup the server is 

behind a proxy see ZenDesk ticket #3473 by RCP dec 2014 */
/*	HTTP_X Etc. var is something added here to pass on the actual protocol as its 

hidden by the by RCP dec 2014 */
/*	$_this->_protocol = (!isset($_SERVER['HTTPS']) || strtolower_codesafe($_SERVER

['HTTPS']) != 'on') ? 'http' : 'https';	*/
HookRegistry::call('Request::getProtocol', array(&$_this->_protocol));
$_this->_protocol = $_SERVER['HTTP_X_FORWARDED_PROTO'];
			return $_this->_protocol;

Vaso , now

1 Like

Can you explain what issues you had with just turning on force_ssl in That should be all that is required.

I uploaded to last version (2.4.8.-1) thinking that this issue was corrected, but it is not. It should be solved by turning force_ssl in, but it doesn’t work… try it by yourself

I’ve tested both the force_ssl and the force_login_ssl successfully. We’ll need a bit more to go on. Can you share your webserver configuration and configuration (with sensitive information removed)? What did you experience with the force_ssl option turned on?

Sir, what was the result of this? Does force_ssl work for thanks!

As far as I know, the force_ssl setting works in OJS 2.4.8-1. The only substantiated problem reports have been from users who want to run OJS on a server without an SSL certificate, but behind a proxy server with an SSL certificate. In that case, this directive will not work, but this is a misconfiguration in my mind. SSL should be end-to-end.