Architecture / Installation


Cloudflare SSL

posts: 84320 Canada

Hi,

I am having difficulties getting Cloudflare SSL to work on tiki 14.2. I had no issues getting it to work on tiki 12.1.

The issue appears to be that tiki appends port 80 onto the URL after in HTTPS.

Ya, so the first time I set it up with the expected settings. Now I'm at a loss.

My 12.1 settings are as follows:

Tiki Settings:
http_port: NULL
https_port: NULL
session_protected: n
login_http_basic: ssl
feature_switch_ssl_mode: n
https_login: force_nocheck

.htaccess settings
# redirect all http traffic
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# redirect all www traffic
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]


New tiki install Behaviour:
Tiki redirects traffic to HTTPS (I can't figure out why; it's probably a setting I can't find). After redirection to HTTPS, it appends a port :80 onto the address... Of course this fails, as HTTPS does not run off port 80. (I have removed the .htaccess settings to make this more simplistic.)

If I manually remove the port 80 from the address, the page displays properly. Changing settings to force SSL has resulted in infinite redirects (as expected with Cloudflare Flexible SSL).

Manually changing both http_port and https_port to 443 has made no difference. Tiki still uses 80.

Any thoughts? I need a fresh pair of eyes for this issue. Thanks.

posts: 84320 Canada

OK, well, I've tried everything I can. I'm giving up. Any idea if there is a MySQL file I can use to reset all my settings while keeping the data I have input? Hoping I don't have to reinstall.

I will try enabling settings one by one to see if I can find where the issue is.


posts: 84320 Canada

Solved (sort of)

OK, so I have it up and working. The issue is with the setting https_login (Use HTTPS login); it needs to be set to encourage (Encourage secure (https) login).

Any other setting except for disable will cause the above-described error (rendering your website useless).

I also noted that if you ever choose force, force_nocheck or allow, your website will be rendered unusable, and changing the setting back will have no effect; the website will be non-recoverable.

This was a new install, so I didn't lose too much the first time, but it took me about 14 installs to get this figured out. If you're upgrading from tiki 12.x, be sure to have a database backup. Likewise if you have an existing website on 14.x and are enabling Cloudflare SSL for the first time. Be sure to keep good database backups!

My final settings were to keep the .htaccess settings (I guess you only really need the two lines that redirect http to https, but for SEO you should choose either https://www.mysite or https://mysite; the second two lines redirect all other traffic to the non-www URL). And the only SSL setting I changed in tiki was the one in question above. I could perhaps enable others, but am not sure it's worth the headache of reinstalling tiki if they don't work.

It should perhaps be mentioned that this is really not a very secure way of implementing SSL: not only the Flexible SSL, but also having logins using https optional. It would be much better if tiki would decline any non-secure login attempts, and force data to be transmitted over SSL, or not at all. However, in my case, this relatively insecure method of SSL is good enough.

Hope this helps someone save some time, and perhaps not give up on tiki. It's a really wonderful platform most of the time :-)
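
Added example, not part of the original posts and not Tiki or Cloudflare code: a toy model of the Flexible SSL setup in this thread, where the edge always reaches the origin over plain HTTP on port 80. It compares an origin that decides from its own socket (and either reuses its port or not) with one that decides from X-Forwarded-Proto, as the .htaccess rule above does. The policy names, the host name and the rule that the edge accepts only default ports are assumptions made for illustration.

```python
from urllib.parse import urlsplit

EDGE_PORTS = {"http": 80, "https": 443}  # assumption: edge listens on default ports only
ORIGIN_PORT = 80                          # Flexible SSL: edge -> origin is always plain HTTP


def origin_response(policy, host, path, forwarded_proto):
    """Return a redirect Location, or None when the origin serves the page.

    The origin's own connection is always HTTP here, so the two "conn_*"
    policies (which look only at that connection) redirect on every request.
    """
    if policy == "conn_with_port":   # reuses the origin's listening port in the URL
        return f"https://{host}:{ORIGIN_PORT}{path}"
    if policy == "conn_no_port":     # omits the port but still ignores the edge
        return f"https://{host}{path}"
    if policy == "forwarded":        # decides from X-Forwarded-Proto set by the edge
        return None if forwarded_proto == "https" else f"https://{host}{path}"
    raise ValueError(f"unknown policy: {policy}")


def browse(url, policy, max_hops=5):
    """Follow redirects as a browser would; return (outcome, final_url, hops)."""
    for hop in range(max_hops):
        u = urlsplit(url)
        port = u.port or EDGE_PORTS[u.scheme]
        if port != EDGE_PORTS[u.scheme]:
            # e.g. https://host:80/ : a TLS handshake against the plain-HTTP port
            return ("connect_failed", url, hop)
        # The edge forwards over HTTP and reports the client's scheme in a header.
        location = origin_response(policy, u.hostname, u.path or "/", u.scheme)
        if location is None:
            return ("served", url, hop)
        url = location
    return ("redirect_loop", url, max_hops)


if __name__ == "__main__":
    start = "http://wiki.example/tiki-index.php"  # constructed sample URL
    for policy in ("conn_with_port", "conn_no_port", "forwarded"):
        print(f"{policy:15s}", browse(start, policy))
```

The first policy reproduces the `:80` symptom, the second the infinite redirect, and only the header-based policy ends with the page served over HTTPS.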

