Skrevet av Emne: SSL offloading an SMF forum  (Lest 5074 ganger)

Utlogget Floyd-ATC

  • Livstidsdiktator
  • Administrator
  • Guru
  • *****
  • Innlegg: 542
  • Karma: +12/-0
    • MSN Messenger - floyd@atc.no
    • Vis profil
    • floyd.atc.no
    • E-post
SSL offloading an SMF forum
« på: 29. Oktober 2015, 20:41 pm »
  • [applaud]0
  • [smite]0
  • I have experimented a bit with using my Linux based keepalived/haproxy cluster to do SSL offloading for various web sites of mine and found SMF a bit difficult to work with because it seems to insist on refering to itself using the absolute URL beginning with "http://" (or "https://" if you change board's URL).

    Unfortunately, if you either want to make the forum protocol independent or you want to use SSL offloading (which basically makes the web server unaware of the fact that clients use HTTPS) those self-referencing links become a problem.

    Playing around with the admin settings solved nothing and the few discussions I found on the topic made me question if it was possible at all. However, I found a dead simple solution which involves just three easy steps that seem to work perfectly:
    • In "Settings.php", change $boardurl to '' (WARNING! This cannot be done using the web GUI because it will default to 'http://' and break your forum!!)
    • Update the MySQL 'settings' table and change all URLs from absolute to relative
    • Update the MySQL 'themes' table and change all URLs from absolute to relative

    E.g. to fix my forum I used the following queries:
    Kode: [Velg]
    UPDATE settings SET value=REPLACE(value,'http://forums.atc.no','') WHERE value LIKE 'http://forums.atc.no%';
    UPDATE themes SET value=REPLACE(value,'http://forums.atc.no','') WHERE value LIKE 'http://forums.atc.no%';

    ...and *poof* now my users can either keep using HTTP or they can use HTTPS which gets offloaded by my load balancing cluster. I see no reason why this should not work just fine with any other SSL gateway as well.

    I really can't understand why SMF was designed with absolute URLs to begin with.


    -Floyd.

    --
    Det finnes 10 typer mennesker;
    de som forstår binærtall, de som ikke gjør det, og de som forstår Grey code.