I’ve inherited this ojs website which is running ojs 126.96.36.199 atm and yes I will upgrade when I get time. In the meantime, I’ve put a load balancer in front of the website which I hoped would manage the ssl for the site while the apache backend is all port 80. the load balancer redirects all traffic from port 80 to port 443.
This seems to work until someone goes to log in to the journal. when they log in the site redirects to http version of the site and causes an error ‘The connection was reset’ in firefox. If I then manually change the address from http to https the page continues to work and I am logged in. when I log out i get the same error and have to change the address again from http to https.
so my question is, how do I get my site to handle the login nicely by displaying the https:// of the login page?
There is a similar post on a similar issue associated with using a load balancer here: Client Side Using Load Balancing Router visit OJS - #2 by ajnyga - which suggests altering the
config.inc.php file (although the user did not respond and indicate whether or not it worked for them). You might want to give that a try.
The link there does not lead to the right place anymore because the file has changed. But I probably meant the
Sadly, this doesn’t seem to make any difference to the behaviour. When the user browses to the page, it appears as https://sitename. The user then goes to log in and the page changes to http://sitename and gives the error, in chrome, ‘This page isn’t working site didn’t send any data. ERR_EMPTY_RESPONSE’
the user can change the http://to https:// again and the page then works as expected with the user logged in.
I have apache set up to use http port 80 and the config.inc.php has :
force_ssl = Off
force_login_ssl = Off
this happens whether
session_check_ip is set to on or off
I think I fixed this.
I added the below to the http.conf for apache
Header edit Location ^http: https:
Even if you don’t have the time to do any upgrades at least consider applying the security patch Remove JBImages plugin · Issue #5871 · pkp/pkp-lib · GitHub if you haven’t done so already. The link is only added to the line regarding OJS 2.4.8-5 on the Download page of OJS, but it actually affects 2.4.x.
Thanks for the suggestion. Unfortunately, this is governed by another team but I’ll see how I go with your suggestion for the patch.