I’ve inherited this ojs website which is running ojs 2.4.5.0 atm and yes I will upgrade when I get time. In the meantime, I’ve put a load balancer in front of the website which I hoped would manage the ssl for the site while the apache backend is all port 80. the load balancer redirects all traffic from port 80 to port 443.
This seems to work until someone goes to log in to the journal. when they log in the site redirects to http version of the site and causes an error ‘The connection was reset’ in firefox. If I then manually change the address from http to https the page continues to work and I am logged in. when I log out i get the same error and have to change the address again from http to https.
so my question is, how do I get my site to handle the login nicely by displaying the https:// of the login page?
There is a similar post on a similar issue associated with using a load balancer here: Client Side Using Load Balancing Router visit OJS - #2 by ajnyga - which suggests altering the config.inc.php file (although the user did not respond and indicate whether or not it worked for them). You might want to give that a try.
Sadly, this doesn’t seem to make any difference to the behaviour. When the user browses to the page, it appears as https://sitename. The user then goes to log in and the page changes to http://sitename and gives the error, in chrome, ‘This page isn’t working site didn’t send any data. ERR_EMPTY_RESPONSE’
the user can change the http://to https:// again and the page then works as expected with the user logged in.
I have apache set up to use http port 80 and the config.inc.php has :
force_ssl = Off
force_login_ssl = Off
Even if you don’t have the time to do any upgrades at least consider applying the security patch Remove JBImages plugin · Issue #5871 · pkp/pkp-lib · GitHub if you haven’t done so already. The link is only added to the line regarding OJS 2.4.8-5 on the Download page of OJS, but it actually affects 2.4.x.
(Gabriele)