Hello everyone,
is there a way to activate SSL (HTTPS) for the login page?
- I am running Piwigo 2.4.3,
- I have a valid SSL certificate for my domain
- I tried the workaround described here -> http://piwigo.org/bugs/print_bug_page.php?bug_id=2689 (added my domain to identification.php, password.php and register.php)
- is there a Piwigo keystore where I have to copy the private key of my domain certificate to?
thanks in advance
FR
Last edited by fr (2012-07-27 22:28:49)
Offline
problem is solved :-)
the provider required two more days to really activate the certificate (previously shown certificate status "active" was not correct)
Offline
I've released a plugin to force usage of HTTPS for any connection.
http://piwigo.org/ext/extension_view.php?eid=697
Enjoy !
Offline
Hi bonhommedeneige,
thanks for the plugin, but when I activate it I get this message at the top of my webpages:
Notice: Undefined index: piwigo_force_https in /hp/bq/ac/io/www/piwigo/plugins/piwigo-force-https/main.inc.php on line 111
This is line 111:
$conf['piwigo_force_https'] = unserialize($conf['piwigo_force_https']);
any ideas?
I am running Piwigo 2.5.1
regards
FR
Offline
I think that would appear only the first time: go to its settings page and validate once
PS: please open a new thread especially when the current one is marked as Resolved
Offline
Thanks, i'll fix it very soon
Offline
Hi,
I've released an update (+enhancement). You can download it there : http://piwigo.org/ext/extension_view.php?eid=697
Hope it will fix your issue (it should :-) )
Offline
Hi,
seems to work now, thanks a lot :-)
regards
FR
Offline
I'm not very good at apache, so I've been searching the piwigo forums and the rest of the internet, to figure out how to have only the login screen ssl encrypted, not everything on my piwigo site.
I was able to piece together the following which gives me the login screen in https, then switches back to http after a successful login. To me this is perfect because I don't want the added overhead of ssl encryption when I'm just going through the gallery or doing simple admin stuff. I'm running piwigo on a Raspberry Pi, so I must be conservative with my resources on the Pi.
So here it is for guys like me, who don't have all the technical expertise that so many forum posters assume we have.
This solution uses the .htaccess and I'm running apache2 on my Pi.
I installed webmin and phpmyadmin on my Pi which automatically setup ssl on apache.
1. create a .htaccess file on your pc and paste the following into the file and save it.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/piwigo/identification\.php$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
RewriteCond %{REQUEST_URI} !^/piwigo/identification\.php$
RewriteCond %{HTTPS} on
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]
2. ftp the .htaccess file to your piwigo folder (eg. var/www/piwigo) Make sure permissions and ownership are identical to other files in that location.
3. copy /etc/apache2/mods-available/rewrite.load to /etc/apache2/mods-enabled if it isn't there already or create a symlink to the file.
4.restart apache or reboot your server.
Your done!!!!
Here's an explanation of the commands in the .htaccess file
- turn rewrite engine on
- check if https is off
- check if it's the login page
- if it is, redirect to https page
- R=302 does the redirection once (not permanently)
- L makes this the last command to execute
if the first command was not executed, it continues checking through the .htaccess file
- checks to make sure it's not the login page
- checks to make sure https is on
- if it is, redirect to http page
I hope this is useful for anybody who just wants their login page encrypted.
Cheers,
Michel.
P.S. My Raspberry Piwigo gallery is at http://myphotos.linkpc.net if you want to see how piwigo runs on the $35 Pi.
Thx for sharing!
that confirms what we say from the beginning: it's up to the user to configure its server!
Offline
Just a quick note to other noobs like me...
Even though webmin setup ssl on my server, I still had copy or symlink the default-ssl from the etc/apache2/sites-available directory, to the etc/apache2/sites-enabled directory.
I also had to edit the default-sll file and change AllowOveride from None to All.
I hope this helps other that want https for only their login page.
Cheers.