K4:Enabling SSL
From In-Portal Developers Guide
m (1 revision) |
Current revision (23:38, 27 November 2010) (view source) (Side-box) |
||
(7 intermediate revisions not shown.) | |||
Line 1: | Line 1: | ||
{{toc | category = Настройка системы | sortkey = 003.001}} | {{toc | category = Настройка системы | sortkey = 003.001}} | ||
- | + | Before configuring the protocol, a valid SSL-certificate must be installed on the server. | |
{| class="prettytable vertical-table" | {| class="prettytable vertical-table" | ||
- | ! | + | ! valid SSL-certificate || invalid SSL-certificate |
|- | |- | ||
| style="text-align: center;" | [[Image:ssl_valid.jpg|frameless|border|действительный SSL-сертификат]] | | style="text-align: center;" | [[Image:ssl_valid.jpg|frameless|border|действительный SSL-сертификат]] | ||
| style="text-align: center;" | [[Image:ssl_error.jpg|frameless|border|не действительный SSL-сертификат]] | | style="text-align: center;" | [[Image:ssl_error.jpg|frameless|border|не действительный SSL-сертификат]] | ||
|} | |} | ||
- | + | The above example shows how a browser window looks when a valid SSL-certificate is installed versus when an invalid SSL-certificate is installed (for example, because it was issued to a different site). | |
+ | <br /><br /> | ||
+ | All [[K4:Configuration|configuration variables]] needed for configuring an SSL can be found in the section "<code>Configuration -> System Variables</code>" in the administrative console. It doesn't matter for which side of the site the SSL is being setup, a value for the configuration variable [[K4:Configuration#SSL_URL|SSL_URL]] ("<code><nowiki>SSL Full URL (https://www.domain.com/path)</nowiki></code>") must always be entered. | ||
- | |||
- | |||
- | == SSL | + | == SSL for Administrative Console == |
- | [[Image:ssl_admin.jpg|thumb|left| | + | [[Image:ssl_admin.jpg|thumb|left|Administrative console in SSL mode]] |
- | + | To configure an SSL for the administrative console, the configuration variable [[K4:Configuration#Require_AdminSSL|Require_AdminSSL]] ("<code>Require SSL for Administrative Console</code>") must be turned on. Then, we press the <code>Save</code> button in the toolbar and exit the system (<code>logout</code>). On the login page, you should see what's circled on the image to the left. That's it - the protocol has been configured successfully for the administrative console. {{clear|left}} | |
- | == SSL | + | == SSL for Front-end == |
- | + | To configure an SSL for the front-end part of the site (user's side), a couple (depending on functionality of the site) of the following configuration variables must be turned on: | |
{| class="prettytable" | {| class="prettytable" | ||
- | ! | + | ! configuration variable || description |
|- | |- | ||
| [[K4:Configuration#Require_SSL|Require_SSL]]<br><code>Require SSL for login & checkout</code> | | [[K4:Configuration#Require_SSL|Require_SSL]]<br><code>Require SSL for login & checkout</code> | ||
- | | | + | | Turns on SSL mode for site pages where, in the html code of the templates, there is the tag <code><inp2:m_CheckSSL mode="required" condition="Require_SSL"/></code> |
|- | |- | ||
| [[K4:Configuration#Force_HTTP_When_SSL_Not_Required|Force_HTTP_When_SSL_Not_Required]]<br><code>Redirect to HTTP when SSL is not required</code> | | [[K4:Configuration#Force_HTTP_When_SSL_Not_Required|Force_HTTP_When_SSL_Not_Required]]<br><code>Redirect to HTTP when SSL is not required</code> | ||
- | | | + | | This option is needed so that there is an automatic redirect to an address without https when a user goes from a page with the SSL protocol to a page without SSL. |
|- | |- | ||
| [[K4:Configuration#UseModRewriteWithSSL|UseModRewriteWithSSL]]<br><code>Enable MOD_REWRITE for SSL</code> | | [[K4:Configuration#UseModRewriteWithSSL|UseModRewriteWithSSL]]<br><code>Enable MOD_REWRITE for SSL</code> | ||
- | | | + | | If the front-end uses MOD_REWRITE technology, then it's possible (but not required) to turn on MOD_REWRITE so that in SSL-mode links are also built using MOD_REWRITE. |
|} | |} | ||
- | + | To switch into SSL-mode and back on templates, the '''<code>m_CheckSSL</code>''' tag must be used. It's recommended to put the tag at the beginning of the template or after the <code>m_RequireLogin</code> tag, when this tag is used. Below is an example of using this tag in a template: | |
<source lang="xml"> | <source lang="xml"> | ||
<inp2:m_CheckSSL mode="required"/> | <inp2:m_CheckSSL mode="required"/> | ||
- | <inp2:m_include template="inc/header"/> // | + | <inp2:m_include template="inc/header"/> // inside the template "inc/header" there must be the tag <inp2:m_CheckSSL/> |
HTML Code | HTML Code | ||
<inp2:m_include template="inc/footer"/> | <inp2:m_include template="inc/footer"/> | ||
</source> | </source> | ||
- | + | Description of the <code>m_CheckSSL</code> tag parameters: | |
{| class="prettytable" | {| class="prettytable" | ||
- | ! | + | ! name || description |
|- | |- | ||
- | | {{ConfigProperty|mode|string}} || | + | | {{ConfigProperty|mode|string}} || If this parameter is set to "<code>required</code>", then the template will be marked as requiring an SSL to work correctly. If visiting this page while not in SSL-mode, then SSL-mode will be automatically turned on. If the parameter is not set or an empty value is set, then it'll have the opposite effect. |
|- | |- | ||
- | | {{ConfigProperty|for_logged_in_only|int}} || | + | | {{ConfigProperty|for_logged_in_only|int}} || If this parameter is set, then SSL-mode will only turn on for authenticated users. |
|- | |- | ||
- | | {{ConfigProperty|condition|string}} || | + | | {{ConfigProperty|condition|string}} || The name of the [[K4:Configuration|configuration variable]], whose value must be checked before allowing a switch to SSL-mode. If this configuration variable is missing or turned off, then a change into SSL-mode will not happen. |
+ | {{TipBox|For the front-end, the [[K4:Configuration#Require_SSL|Require_SSL]] configuration variable can be used.}} If the plan is to switch parts of a site into SSL-mode depending on configuration settings, then this is the parameter that's needed. | ||
|} | |} | ||
- | [[Image:ssl_front.jpg|thumb|left| | + | [[Image:ssl_front.jpg|thumb|left|My Account in SSL mode ]] |
- | + | Basically, that's it, after turning on all corresponding options and setting up the <code>m_CheckSSL</code> tag, we can consider setup to be complete. On the left is an image of a <code>My Account</code> page with the SSL protocol turned on. On the page, we can see the 2 correct "SSL locks", that indicate that the protected mode has been setup properly. If these "locks" are shown with a line through them, then it means that the protocol wasn't setup correctly on the server or that it's expired. {{clear|left}} | |
{| class="vertical-table" | {| class="vertical-table" | ||
- | | [[Image:secure_warning.jpg|thumb|left| | + | | [[Image:secure_warning.jpg|thumb|left|SSL certificate warning] |
- | | | + | | It's possible that the browser, when loading a page, may show a warning like the one in the image on the left. As a rule, this kind of warning is shown when the page has a link that's not written using a relative path, instead using an absolute path and without the SSL protocol. To avoid this, it's strongly recommended to format all links to elements on the site (images, stylesheets, etc.) using the tag '''<code>m_TemplatesBase</code>''': |
- | * ''' | + | * '''incorrect''': <code><nowiki><img src="http://www.youdomain.com/img/sample_image.gif" alt=""/></nowiki></code> |
- | * ''' | + | * '''correct''': <code><img src="'''<inp2:m_TemplatesBase/>'''<nowiki>/img/sample_image.gif" alt=""/></nowiki></code> |
|} | |} | ||
+ | |||
+ | [[en:{{FULLPAGENAME}}]] | ||
+ | [[ru:K4:Как включить SSL-режим]] | ||
+ | |||
+ | Translated from [http://guide.in-portal.org/rus/index.php?title=K4:%D0%9A%D0%B0%D0%BA_%D0%B2%D0%BA%D0%BB%D1%8E%D1%87%D0%B8%D1%82%D1%8C_SSL-%D1%80%D0%B5%D0%B6%D0%B8%D0%BC&oldid=1067 (revision 1067)] |
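Review bot: the added secure_warning.jpg image link closes with a single "]" instead of "]]", so the link never terminates and the raw wikitext shows up in the rendered cell of the current revision; close it with "]]". In the same change, the example URL in the "incorrect" bullet reads www.youdomain.com, which looks like a typo for yourdomain.com, and the captions of ssl_valid.jpg and ssl_error.jpg in the unchanged lines are still in Russian on an otherwise translated page.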
Current revision
Before configuring the protocol, a valid SSL-certificate must be installed on the server.
valid SSL-certificate | invalid SSL-certificate |
---|---|
The above example shows how a browser window looks when a valid SSL-certificate is installed versus when an invalid SSL-certificate is installed (for example, because it was issued to a different site).
All configuration variables needed for configuring SSL can be found in the section "Configuration -> System Variables" in the administrative console. Regardless of which side of the site SSL is being set up for, a value for the configuration variable SSL_URL ("SSL Full URL (https://www.domain.com/path)") must always be entered.
SSL for Administrative Console
To configure SSL for the administrative console, the configuration variable Require_AdminSSL ("Require SSL for Administrative Console") must be turned on. Then press the Save button in the toolbar and exit the system (logout). On the login page, you should see what's circled on the image to the left. That's it: the protocol has been configured successfully for the administrative console.
SSL for Front-end
To configure SSL for the front-end part of the site (the user's side), a couple of the following configuration variables must be turned on, depending on the functionality of the site:
configuration variable | description |
---|---|
Require_SSL ("Require SSL for login & checkout") | Turns on SSL mode for site pages whose template HTML contains the tag <inp2:m_CheckSSL mode="required" condition="Require_SSL"/> |
Force_HTTP_When_SSL_Not_Required ("Redirect to HTTP when SSL is not required") | This option is needed so that there is an automatic redirect to an address without https when a user goes from a page with the SSL protocol to a page without SSL. |
UseModRewriteWithSSL ("Enable MOD_REWRITE for SSL") | If the front-end uses MOD_REWRITE technology, then it's possible (but not required) to turn on MOD_REWRITE so that in SSL-mode links are also built using MOD_REWRITE. |
To switch into SSL-mode and back on templates, the m_CheckSSL tag must be used. It's recommended to put the tag at the beginning of the template or after the m_RequireLogin tag, when this tag is used. Below is an example of using this tag in a template:
<source lang="xml">
<inp2:m_CheckSSL mode="required"/>
<inp2:m_include template="inc/header"/> // inside the template "inc/header" there must be the tag <inp2:m_CheckSSL/>
HTML Code
<inp2:m_include template="inc/footer"/>
</source>
Description of the m_CheckSSL tag parameters:
name | description |
---|---|
mode (string) | If this parameter is set to "required", then the template will be marked as requiring SSL to work correctly. If this page is visited while not in SSL-mode, then SSL-mode will be automatically turned on. If the parameter is not set or an empty value is set, then it'll have the opposite effect. |
for_logged_in_only (int) | If this parameter is set, then SSL-mode will only turn on for authenticated users. |
condition (string) | The name of the configuration variable whose value must be checked before allowing a switch to SSL-mode. If this configuration variable is missing or turned off, then a change into SSL-mode will not happen. For the front-end, the Require_SSL configuration variable can be used. If the plan is to switch parts of a site into SSL-mode depending on configuration settings, then this is the parameter that's needed. |
Basically, that's it: after turning on all corresponding options and setting up the m_CheckSSL tag, we can consider setup to be complete. On the left is an image of a My Account page with the SSL protocol turned on. On the page, we can see the 2 correct "SSL locks" that indicate that the protected mode has been set up properly. If these "locks" are shown with a line through them, then it means that the protocol wasn't set up correctly on the server or that it's expired.
[Image: SSL certificate warning]
It's possible that the browser, when loading a page, may show a warning like the one in the image on the left. As a rule, this kind of warning is shown when the page contains a link written with an absolute path and without the SSL protocol, rather than with a relative path. To avoid this, it's strongly recommended to format all links to elements on the site (images, stylesheets, etc.) using the tag m_TemplatesBase.
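A check for the warning cause described above, as an added example that is not part of the original guide: it scans a template that requests SSL mode for sub-resources loaded over plain http:// and separates same-site URLs (to be rebuilt with m_TemplatesBase) from third-party ones. The function names, the sample template and the host cdn.example.net are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Tags whose src/href makes the browser fetch a sub-resource for the page.
# Plain <a href> links are navigation, not sub-resources, so they are skipped.
RESOURCE = re.compile(
    r'<(img|script|link|iframe|embed|source)\b[^>]*?\b(?:src|href)\s*=\s*'
    r'(["\'])(http://[^"\']+)\2',
    re.IGNORECASE,
)

def ssl_required(template_text):
    """True if the template asks for SSL mode via m_CheckSSL mode="required"."""
    pattern = r'<inp2:m_CheckSSL\b[^>]*\bmode\s*=\s*"required"'
    return re.search(pattern, template_text) is not None

def find_insecure_resources(template_text, site_host):
    """Return (line_no, tag, url, advice) for each plain-http sub-resource."""
    findings = []
    for line_no, line in enumerate(template_text.splitlines(), start=1):
        for m in RESOURCE.finditer(line):
            tag, url = m.group(1).lower(), m.group(3)
            host = (urlsplit(url).hostname or "").lower()
            if host == site_host.lower():
                advice = "same site: build the URL with <inp2:m_TemplatesBase/>"
            else:
                advice = "third party: needs an https source or a local copy"
            findings.append((line_no, tag, url, advice))
    return findings

# Constructed sample template (not taken from a real In-Portal theme).
SAMPLE = '''<inp2:m_CheckSSL mode="required" condition="Require_SSL"/>
<inp2:m_include template="inc/header"/>
<img src="http://www.youdomain.com/img/sample_image.gif" alt=""/>
<img src="<inp2:m_TemplatesBase/>/img/sample_image.gif" alt=""/>
<script src="http://cdn.example.net/lib.js"></script>
<a href="http://www.youdomain.com/about.html">About</a>
<inp2:m_include template="inc/footer"/>'''

if __name__ == "__main__":
    if ssl_required(SAMPLE):
        hits = find_insecure_resources(SAMPLE, "www.youdomain.com")
        for line_no, tag, url, advice in hits:
            print(f"line {line_no}: <{tag}> loads {url} -> {advice}")
```
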
Translated from (revision 1067)