Announcement

#1 2012-07-27 20:12:34

fr
Member
2012-07-27
9

[resolved] how to activate SSL/HTTPS for the login page ?

Hello everyone,

is there a way to activate SSL (HTTPS) for the login page?

- I am running Piwigo 2.4.3,
- I have a valid SSL certificate for my domain
- I tried the workaround described here -> http://piwigo.org/bugs/print_bug_page.php?bug_id=2689 (added my domain to identification.php, password.php and register.php)
- is there a Piwigo keystore where I have to copy the private key of my domain certificate to?

thanks in advance

FR

Last edited by fr (2012-07-27 22:28:49)

Offline

 

#2 2012-07-30 14:13:54

fr
Member
2012-07-27
9

Re: [resolved] how to activate SSL/HTTPS for the login page ?

problem is solved :-)
the provider required two more days to really activate the certificate (previously shown certificate status "active" was not correct)

Offline

 

#3 2013-05-03 01:35:20

bonhommedeneige
Member
France
2013-05-03
29

Re: [resolved] how to activate SSL/HTTPS for the login page ?

I've released a plugin to force usage of HTTPS for any connection.
http://piwigo.org/ext/extension_view.php?eid=697
Enjoy !

Offline

 

#4 2013-05-03 22:28:23

fr
Member
2012-07-27
9

Re: [resolved] how to activate SSL/HTTPS for the login page ?

Hi bonhommedeneige,

thanks for the plugin, but when I activate it I get this message at the top of my webpages:

Notice: Undefined index: piwigo_force_https in /hp/bq/ac/io/www/piwigo/plugins/piwigo-force-https/main.inc.php on line 111

This is line 111:

$conf['piwigo_force_https'] = unserialize($conf['piwigo_force_https']);

any ideas?

I am running Piwigo 2.5.1

regards
FR

Offline

 

#5 2013-05-03 22:47:42

flop25
Piwigo Team
2006-07-06
6965

Re: [resolved] how to activate SSL/HTTPS for the login page ?

I think that would appear only the first time: go to its settings page and validate once

PS: please open a new thread especially when the current one is marked as Resolved


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#6 2013-05-03 22:48:47

bonhommedeneige
Member
France
2013-05-03
29

Re: [resolved] how to activate SSL/HTTPS for the login page ?

Thanks, i'll fix it very soon

Offline

 

#7 2013-05-04 21:31:34

bonhommedeneige
Member
France
2013-05-03
29

Re: [resolved] how to activate SSL/HTTPS for the login page ?

Hi,

I've released an update (+enhancement). You can download it there : http://piwigo.org/ext/extension_view.php?eid=697
Hope it will fix your issue (it should :-) )

Offline

 

#8 2013-05-05 21:10:19

fr
Member
2012-07-27
9

Re: [resolved] how to activate SSL/HTTPS for the login page ?

Hi,

seems to work now, thanks a lot :-)

regards
FR

Offline

 

#9 2013-07-18 18:55:11

Michel Matton
Guest

Re: [resolved] how to activate SSL/HTTPS for the login page ?

I'm not very good at apache, so I've been searching the piwigo forums and the rest of the internet, to figure out how to have only the login screen ssl encrypted, not everything on my piwigo site.

I was able to piece together the following which gives me the login screen in https, then switches back to http after a successful login.  To me this is perfect because I don't want the added overhead of ssl encryption when I'm just going through the gallery or doing simple admin stuff.  I'm running piwigo on a Raspberry Pi, so I must be conservative with my resources on the Pi.

So here it is for guys like me, who don't have all the technical expertise that so many forum posters assume we have.

This solution uses the .htaccess and I'm running apache2 on my Pi.
I installed webmin and phpmyadmin on my Pi which automatically setup ssl on apache.

1. create a .htaccess file on your pc and paste the following into the file and save it.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI}  ^/piwigo/identification\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

RewriteCond %{REQUEST_URI}  !^/piwigo/identification\.php$
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

2. ftp the .htaccess file to your piwigo folder (eg. var/www/piwigo) Make sure permissions and ownership are identical to other files in that location.

3. copy /etc/apache2/mods-available/rewrite.load to /etc/apache2/mods-enabled if it isn't there already or create a symlink to the file.

4.restart apache or reboot your server.

Your done!!!!

Here's an explanation of the commands in the .htaccess file
- turn rewrite engine on
- check if https is off
- check if it's the login page
- if it is, redirect to https page
- R=302 does the redirection once (not permanently)
- L makes this the last command to execute

if the first command was not executed, it continues checking through the .htaccess file

- checks to make sure it's not the login page
- checks to make sure https is on
- if it is, redirect to http page

I hope this is useful for anybody who just wants their login page encrypted.

Cheers,
Michel. 

P.S. My Raspberry Piwigo gallery is at http://myphotos.linkpc.net if you want to see how piwigo runs on the $35 Pi.

 

#10 2013-07-19 12:42:59

flop25
Piwigo Team
2006-07-06
6965

Re: [resolved] how to activate SSL/HTTPS for the login page ?

Thx for sharing!
that confirms what we say from the beginning: it's up to the user to configure its server!


To get a better help : Politeness like Hello-A link-Your past actions precisely described
Check my extensions : more than 30 available
who I am and what I do : http://fr.gravatar.com/flop25
My gallery : an illustration of how to integrate Piwigo in your website

Offline

 

#11 2013-07-27 21:40:37

Michel Matton
Guest

Re: [resolved] how to activate SSL/HTTPS for the login page ?

Just a quick note to other noobs like me...
Even though webmin setup ssl on my server, I still had copy or symlink the default-ssl from the etc/apache2/sites-available directory, to the etc/apache2/sites-enabled directory.

I also had to edit the default-sll file and change AllowOveride from None to All.

I hope this helps other that want https for only their login page.

Cheers.

 

Board footer

Powered by FluxBB

github twitter facebook google+ newsletter Donate Piwigo.org © 2002-2019 · Contact