joomla BASE HREF uses HTTP instead of HTTPS

Angelo Fuchs picture Angelo Fuchs · Nov 1, 2013 · Viewed 8.7k times · Source

I wanted to change my site from http to https. Always.

So I configured my apache accordingly. Now when I enter the URL of my site (https://steamnet.de) it loads the index site fine but none of the referenced elements (CSS, images etc.)

It seems to me that it does so because the base href is set to http://steamnet.de/ and thous does not use https there. I have configured my firefox that it should not load mixed content.

So how can I tell Joomla to set the base href to https://steamnet.de (or otherwise make the site fully ssl?)

I tried to set the global ssl enforce element of joomla configuration ("SSL erzwingen" in german, $force_ssl in configuration.php) to "everything" but then the site breaks with infinite 303 error redirecting to itself. (As an afterthought: I was surprised to find a 303 instead of 301 here. If someone could explain that I would be grateful)

(Laoneo suggested some solutions, that did not work out, for completeness here is the list)

  1. configure $live_site to the https url.
  2. probe if changing $sef and $sef_rewrite helps.

The apache logs: access.log

91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 4854 "-" "Mozilla/5.0 (Gecko) Firefox/64"
91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 516 "-" "Mozilla/5.0 (Gecko) Firefox/64"
91.42.221.000 - - [03/Nov/2013:12:41:25 +0100] "GET / HTTP/1.1" 303 516 "-" "Mozilla/5.0 (Gecko) Firefox/64"

error.log contains nothing on access, but the following lines on reload

[Sun Nov 03 12:41:16 2013] [notice] Graceful restart requested, doing restart
[Sun Nov 03 12:41:16 2013] [error] (9)Bad file descriptor: apr_socket_accept: (client socket)
[Sun Nov 03 12:41:17 2013] [warn] RSA server certificate CommonName (CN) `Angelo Neuschitzer' does NOT match server name!?
[Sun Nov 03 12:41:17 2013] [notice] Apache/2.2.16 (Debian) PHP/5.3.3-7+squeeze17 with Suhosin-Patch proxy_html/3.0.1 mod_ssl/2.2.16 OpenSSL/0.9.8o configured -- resuming normal operations

Answer

Daniel Dimitrov picture Daniel Dimitrov · May 19, 2015

I'm sorry, but I don't think the current answer is really correct. This answer promotes a hack and goes around the problem. The next time you update Joomla, you'll have to update the core file, because it is going to be overriden.

Actually if we look in the code for JURI in getInstance we can see this:

// Determine if the request was over SSL (HTTPS).
if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
{
        $https = 's://';
}
else
{
        $https = '://';
}

The question is why are there servers where $_SERVER['HTTPS'] is obviously not initialized. Although I can't tell you why, what I found out to work is adding this lines to the .htaccess file at the begining:

<IfModule mod_env.c>
   SetEnv HTTPS on
</IfModule>

By doing this $_SERVER['HTTPS'] seems to be initialised and Juri::current will return what we expect - an url starting with https.