• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.

Secure links

Status
Not open for further replies.
S

sunbelttools

Chevereto Member
Website URL
http://www.sunbelttools.co/admin

Chevereto version
3.10.5

Description of the issue
Hello,

We have just purchased and installed our own SSL certificate on our host server (we have verified that the SSL Certificate chain is working correctly). We are trying to provide links to our images in HTTPS rather than HTTP. For our existing links we can manually change HTTP to HTTPS, but we are afraid if we do that it may not work consistently on all of our sites. Also going forward, Chevereto is not serving up HTTPS links through the script (only HTTP links) after we upload new images.

We know that Chevereto can serve up HTTPS links, but we are unsure of the process. Is there a setting that we have to activate?


Thank you!
 
When you setup HTTPS in your server and everything works as expected, PHP will populate the $_SERVER array with properties that allows scripts to know what kind of protocol is supported by the web server. Also, Chevereto will always try to use HTTPS if enabled and working properly.

This is the thing... Certs don't work the same as 3 years ago and some service providers just don't fill all gaps. With conventional certificates (you know, all the CSR key generation stuff) the web server gets injected with the values that Chevereto uses to detect HTTPS, but new ways to provide HTTPS trends to fail in this little fine tuning. These affects cPanel, CloudFlare, some weird global shared cert, etc.

The problem is not that much on the hosting companies but in how the thing gets configured by some server admin that just forgot to add a configuration line somewhere. Sometimes you can't tweak that (permissions) and the server admin won't even mind in setup the thing properly.

To be honest, I'm extremely tired of all this stuff so for the next revision, I just added some stuff that forces HTTPS without even checking if the thing will work or not. I'm very tired of the same reply every time "make it work properly" because well, no one cares about understand how that thing works. I get maybe 3 emails every week from people asking me how to turn on HTTPS and I'm done.

Anyway, at this time you can add this to app/settings.php

PHP: 
$_SERVER['HTTPS'] = 'on';

That will fool the system and will turn everything HTTPS.
 
This is not a Chevereto issue it's a server configuration issue. Get with your host and have them fix it, that's what you pay them for.

Chevereto works just fine with SSL enabled.
 
Jailer said:
This is not a Chevereto issue it's a server configuration issue. Get with your host and have them fix it, that's what you pay them for.

Chevereto works just fine with SSL enabled.
Click to expand...

The problem are all those not-the-real-thing certs that spawned across cPanel that don't work like the real thing and since the script doesn't have an option to force https, then there are several clients with issues like this.

Like I said, I added an option to force that thing so in the next revision it won't be that hard to force https.
 
Status
Not open for further replies.
Back
Top