Joomla SSL and SEF urls : mixed content

lclaude · 2017-12-09 13:26:14 UTC

NethServer Version: 7.4
Module: Php-SCL

Hello all,

I’m assuming a pb of mixed content with a Joomla website when I visit it in https and when I’ve set the SEF urls (url rewriting).
I don’t think the pb is from Joomla, because for exemple: I moved a production website from another server and it was working fine on the old server (debian).
I done a test on a fresh Joomla install, and I’ve still the pb.

What I done:

set php7 for the entire server
create a Vhost
create certificat let’s encrypt for this vhost
upload joomla, create database, activate htaccess and RewriteEngine is On
chown -R apache:apache
install joomla
set SEF param, set “$live_site” param with “https://mydomain.com”

I have a content mixed : CSS, .js and images are not loaded because they aren’t called in SSL.
If I force the https access in joomla params, I have the error: “The page is not redirected correctly” (this message is my translation, “La page n’est pas redirigée correctement” in french).

So, I don’t know what to do now…
Can you help me please ?

Stefano_Zamboni · 2017-12-09 14:09:20 UTC

The issue is not on NS side
You must be sure that your template can manage https links
Sometimes all CSS files and js ones are linked as http (hardcoded)

lclaude · 2017-12-09 14:31:42 UTC

Not sure of that, because it works fine on other servers. I tested on debian and SMEServer.

Yes templates are important, so I done a fresh install with the default template. And it’s the same pb.

planet_jeroen · 2017-12-09 15:38:32 UTC

…what is a ‘pb’ ?

lclaude · 2017-12-09 16:44:09 UTC

pb= problem -> mixed content.

planet_jeroen · 2017-12-09 18:52:16 UTC

Can you post the configuration ? Are you reverse proxying the site as well?

mrmarkuz · 2017-12-10 09:58:58 UTC

I tried it now on a fresh 7.4 and can confirm:

That’s right. Joomla has a static “powered by” link for instance, so mixed content is a Joomla “pb”.

<p>
Powered by <a href="http://www.joomla.org/">Joomla!&#174;</a>
</p>

But there seems to be something strange with Joomla, HTTPS and rewriting.

On a running Joomla Site on my webhost following line in Joomla page source is rewritten to https:

<base href="https://www.myworkingsiteonsomewebhost/" />

but on NethServer it stays http:

<base href="http://joomla.local/" />

What I did:

yum install http://mirror.de-labrusse.fr/NethServer/7/x86_64/nethserver-stephdl-1.0.6-1.ns7.sdl.noarch.rpm
yum install http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum install nethserver-phpmyadmin nethserver-php-scl

Web UI:

Create vhost joomla, joomla.local
Put joomla to vhost from https://downloads.joomla.org/cms/joomla3/3-8-2/Joomla_3-8-2-Stable-Full_Package.zip (may be done from client via FTP or on server via wget)
Change PHP version and settings as you need.
Checked DNS resolving of joomla.local

touch /var/lib/nethserver/vhost/joomla/configuration.php
chown -R apache:apache /var/lib/nethserver/vhost/joomla

If you force HTTPS on entire site in Joomla configuration which means set “public $force_ssl = ‘2’;” in configuration.php you get a redirect error.

No reverse proxying.

Chrome error message (sorry for German)

Found a howto, maybe we can improve it:

lclaude · 2017-12-10 16:19:30 UTC

Thank you @mrmarkuz for this confirmation.
I don’t use reverse proxying

Can’t find something in the howto to find a solution…

mrmarkuz · 2017-12-10 16:22:59 UTC

I’ll give it another try asap. Joomla is a popular CMS so we should make it work…

mrmarkuz · 2018-01-05 21:01:29 UTC

Hi @lclaude,

I tried it again and it seems to be a problem with joomla and virtualhosts. If you put your joomla site to /var/www/html, which is the NethServer default web site location, it works with HTTPS. This could be a solution for you as your other sites work as vhosts.
But I am still interested, why joomla is not working with virtualhosts so I uncommented the entries in /etc/httpd/conf.d/virtualhosts.conf and Joomla .htaccess but no success.

lclaude · 2018-01-05 21:12:59 UTC

Hi @mrmarkuz,

Thank you for this try, it’s a very interesting lead!
I’ll do test soon.

And yes I can use the default location for my situation, thanks again

stephdl · 2018-06-03 20:37:56 UTC

Well the broken css comes because the vhost name is not part of the ssl certificate. If you create a letsencrypt certificate with the vhost name (let’s say joomla.domain.com) and if in the vhost setting you apply to use the letsencrypt certificate, then the css is no more broken.

Fun

@giacomo and @davidep why do not we repeat to write the ssl certificate setting (SSLCertificateFile,SSLCertificateKeyFile, SSLCertificateChainFile) in each vhost configuration even if it is the default one, for this case we could avoid this bug.

If we set default to the ssl certificate in the vhost panel page, there is no definition and and the self signed certificate is used even if the letsencrypt one is set to default.

I believe we have a bug here

before you ask it…no custom modules

[root@test joomla.de-labrusse.fr]# httpd -S
VirtualHost configuration:
*:443                  is a NameVirtualHost
         default server test.de-labrusse.fr (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost test.de-labrusse.fr (/etc/httpd/conf.d/ssl.conf:56)
         port 443 namevhost joomla.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:24)
         port 443 namevhost test2.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:90)
         port 443 namevhost test3.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:156)
         port 443 namevhost wordpress.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:222)
*:80                   is a NameVirtualHost
         default server test.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:12)
         port 80 namevhost test.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:12)
         port 80 namevhost joomla.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:57)
         port 80 namevhost test2.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:123)
         port 80 namevhost test3.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:189)
         port 80 namevhost wordpress.de-labrusse.fr (/etc/httpd/conf.d/virtualhosts.conf:255)
ServerRoot: "/etc/httpd"
Main DocumentRoot: "/var/www/html"
Main ErrorLog: "/etc/httpd/logs/error_log"
Mutex ssl-stapling: using_defaults
Mutex proxy: using_defaults
Mutex authn-socache: using_defaults
Mutex ssl-cache: using_defaults
Mutex default: dir="/run/httpd/" mechanism=default 
Mutex mpm-accept: using_defaults
Mutex authdigest-opaque: using_defaults
Mutex proxy-balancer-shm: using_defaults
Mutex rewrite-map: using_defaults
Mutex authdigest-client: using_defaults
PidFile: "/run/httpd/httpd.pid"
Define: _RH_HAS_HTTPPROTOCOLOPTIONS
Define: DUMP_VHOSTS
Define: DUMP_RUN_CFG
User: name="apache" id=48
Group: name="apache" id=48

stephdl · 2018-06-03 20:45:36 UTC

@giacomo @davidep it is confirmed when you set the default certificate the SSLEngine on is not added, see https://github.com/NethServer/nethserver-httpd/blob/master/virtualhosts/etc/e-smith/templates/httpd/vhost-extra/20ssl_engine

SSLEngine on is added only if we precise a certificate…I believe we need to declare it all the time for a ssl vhost

thought ?

davidep · 2018-06-03 21:07:14 UTC

I think you’re right! If sslengine is required, we’re clearly missing it in that template fragment. You’re fix is absolutely welcome!

stephdl · 2018-06-03 21:07:45 UTC

yep…two minutes

mrmarkuz · 2018-06-03 21:36:33 UTC

Good job! Thanks

giacomo · 2018-06-04 08:55:51 UTC

The package is ready for testing: