Asked  7 Months ago    Answers:  5   Viewed   39 times

How can I have CodeIgniter load specific pages using SSL? I have an apache2/mod_ssl server. mod_ssl uses a different document root than non-secure pages. For example, https (port 443) would serve pages out of /var/www/ssl_html/ and http (port 80) serves pages out of /var/www/html/. How would I get CodeIgniter to play nice with this setup?

 Answers

20

There are a few ways to tackle this.

Option 1:

I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to:

$config['base_url'] = "http://www.yoursite.com/"; 

or

$config['base_url'] = "https://www.yoursite.com/";

Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site:

RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder

Option 2:

Send everything to SSL and keep all your code in one folder

/system/application/config/config.php, set your page to:

$config['base_url'] = "https://www.yoursite.com/";

Other Options

There are some more hacky ways to do this with header() redirects, etc. but I don't think you want to maintain different code bases for this option. I don't recommend this but you could do something like:

$config['base_url'] = "http://" . $_SERVER['HTTP_HOST'] . "/";
Wednesday, March 31, 2021
 
saad
answered 7 Months ago
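
An added example, not part of the answer above or of CodeIgniter itself: a config.php fragment that derives base_url from the scheme Apache actually served, so the same code can sit in both document roots, and that accepts the Host header only from an allowlist. The function names, the host list and the /sslfolder path list are assumptions for illustration.

```php
<?php
// Added example, not the answer's code. All function names and both lists
// below are assumed, constructed values.

$allowed_hosts = array('www.yoursite.com', 'yoursite.com'); // canonical name first
$ssl_paths     = array('/sslfolder');                       // paths that must use https

// True when Apache served this request through mod_ssl.
function request_is_https(array $server)
{
    return !empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off';
}

// Use the Host header only if it is allowlisted; otherwise the canonical name.
function trusted_host(array $server, array $allowed_hosts)
{
    $host = isset($server['HTTP_HOST']) ? strtolower($server['HTTP_HOST']) : '';
    return in_array($host, $allowed_hosts, true) ? $host : $allowed_hosts[0];
}

// base_url that follows the scheme of the current request.
function resolve_base_url(array $server, array $allowed_hosts)
{
    $scheme = request_is_https($server) ? 'https' : 'http';
    return $scheme . '://' . trusted_host($server, $allowed_hosts) . '/';
}

// https URL to redirect a plain-http hit on a protected path to, else null.
function ssl_redirect_target(array $server, array $allowed_hosts, array $ssl_paths)
{
    if (request_is_https($server) || !isset($server['REQUEST_URI'])) {
        return null;
    }
    $uri  = $server['REQUEST_URI'];
    $path = parse_url($uri, PHP_URL_PATH);
    foreach ($ssl_paths as $prefix) {
        // Match whole path segments: /sslfolder and /sslfolder/x, not /sslfolderx.
        if ($path === $prefix || (is_string($path) && strpos($path, $prefix . '/') === 0)) {
            return 'https://' . trusted_host($server, $allowed_hosts) . $uri;
        }
    }
    return null;
}

$config['base_url'] = resolve_base_url($_SERVER, $allowed_hosts);
if (($target = ssl_redirect_target($_SERVER, $allowed_hosts, $ssl_paths)) !== null) {
    header('Location: ' . $target, true, 302);
    exit;
}
```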
95

You are probably using a self-signed SSL certificate, which will not pass when the CURLOPT_SSL_VERIFYPEER option is set.

There are two solutions:

  1. Buy a valid SSL certificate.
  2. Disable SSL verification in Curl. (add the --insecure option)

If you disable verification, you can't be sure if you are really communicating with your host. So it depends on the level of security you need.

Wednesday, March 31, 2021
 
turik
answered 7 Months ago
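
An added example, not part of the answer above: with PHP's cURL extension, a self-signed certificate can be trusted explicitly through CURLOPT_CAINFO, which keeps CURLOPT_SSL_VERIFYPEER and hostname checking enabled. The function name fetch_with_pinned_ca() and the certificate path are assumptions; the host name in the URL must match the certificate's CN or SAN.

```php
<?php
// Added example. fetch_with_pinned_ca() and the paths used with it are
// assumed names, not taken from the page.

function fetch_with_pinned_ca($url, $ca_file)
{
    // Fail early with a clear message instead of an opaque cURL error.
    if (!is_readable($ca_file)) {
        throw new RuntimeException("CA file not readable: $ca_file");
    }

    $ch = curl_init($url);
    curl_setopt_array($ch, array(
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true,     // verify the certificate chain
        CURLOPT_SSL_VERIFYHOST => 2,        // and that the name matches the URL
        CURLOPT_CAINFO         => $ca_file, // trust only this PEM certificate/CA
        CURLOPT_TIMEOUT        => 10,
    ));

    $body = curl_exec($ch);
    if ($body === false) {
        // Verification failures surface here (e.g. wrong certificate or
        // host name mismatch) rather than being silently ignored.
        throw new RuntimeException(
            'Request failed (' . curl_errno($ch) . '): ' . curl_error($ch)
        );
    }
    return $body;
}

// Usage (constructed values): the PEM file is a copy of the server's own
// self-signed certificate, exported once over a trusted channel.
// echo fetch_with_pinned_ca('https://internal.example.com/', '/etc/ssl/internal.pem');
```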
12

It is easier to handle the no-www and toggle-protocol redirects separately. In the following example:

  1. The www requests are redirected to no-www as-is (handle toggle-protocol redirect on next request)
  2. The http requests for selected pages are redirected to https version
  3. The https requests for other pages are redirected to http version

Note the leading /...(/|$) in the following examples. They ensure that complete path fragments are matched (e.g. in the third set of rules /js/main.js matches but /jsmith/profile does not).

RewriteEngine On

# Force NOWWW
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=302,L]

# Force HTTPS
RewriteCond %{HTTPS} =off
RewriteCond %{REQUEST_URI} /(login|account_detail|alternate_address|update_password)(/|$)
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

# Force HTTP
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} !/(login|account_detail|alternate_address|update_password|css|img|js)(/|$)
RewriteRule ^ http://%{HTTP_HOST}%{REQUEST_URI} [R=302,L]

# Hijack all requests
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php/$0 [L]

The following tests passed:

http://www.example.com/
    http://example.com/

http://www.example.com/a/b?c=3&d=4
    http://example.com/a/b?c=3&d=4

http://www.example.com/login
    http://example.com/login
        https://example.com/login

https://www.example.com/js/javascript.js
    https://example.com/js/javascript.js
        http://example.com/js/javascript.js

Note: Remember to replace 302 with 301 after testing.

Saturday, May 29, 2021
 
alioygur
answered 5 Months ago
27

Please go to your application/config/config.php and at the bottom insert this code

function __autoload($class)
{
 if(strpos($class, 'CI_') !== 0)
 {
  @include_once( APPPATH . 'core/'. $class . EXT );
 }
}

Now you are good to go.


Please try creating a file MY_Controller.php in the /core folder with this body

class MY_Controller extends CI_Controller {

    public function __construct() {
        parent::__construct();
        $this->output->enable_profiler(TRUE);
    }

}

and use welcome controller if it works.


I missed the note: Everything works on my local WAMP server (apache 2.4 php 5.4) and not on the production server (Ubuntu 12.04, apache 2.4, php 5.5)

Please check your case of files/controllers

Please try editing/renaming everything into lower case (even my_controller extends CI_Controller).

Saturday, May 29, 2021
 
IvanH
answered 5 Months ago
72

The easiest way to do this is to use a single certificate for all your domain names. Put all other site names in SAN (Subject Alternative Name).

If you prefer one certificate for each domain name, you can write your own key manager and use alias to identify the domain so you can use a single keystore. In our system, we make a convention that keystore alias always equals the CN in the certificate. So we can do something like this,

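import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.ServerSocket;
import java.net.Socket;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.X509KeyManager;

// "TLS" lets the JDK negotiate a current protocol version; SSLv3 is obsolete
// and disabled by default in current JDKs.
SSLContext sctx1 = SSLContext.getInstance("TLS");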
sctx1.init(new X509KeyManager[] { 
    new MyKeyManager("/config/master.jks","changeme".toCharArray(),"site1.example.com")
    },null, null);
SSLServerSocketFactory ssf = (SSLServerSocketFactory) sctx1.getServerSocketFactory();
ServerSocket ss1 = ssf.createServerSocket(1234);

...

// "TLS" instead of the obsolete "SSLv3"
SSLContext sctx2 = SSLContext.getInstance("TLS");
sctx2.init(new X509KeyManager[] { 
    new MyKeyManager("/config/master.jks","changeme".toCharArray(),"site2.example.com") 
    },null, null);
ssf = (SSLServerSocketFactory) sctx2.getServerSocketFactory();
ServerSocket ss2 = ssf.createServerSocket(5678);

...

public static class MyKeyManager implements X509KeyManager {
    private KeyStore keyStore;
    private String alias;
    private char[] password;

    MyKeyManager(String keyStoreFile, char[] password, String alias)
        throws IOException, GeneralSecurityException
    {
        this.alias = alias;
        this.password = password;
        keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // try-with-resources closes the keystore file even if load() throws
        try (InputStream stream = new FileInputStream(keyStoreFile)) {
            keyStore.load(stream, password);
        }
    }

    public PrivateKey getPrivateKey(String alias) {
        try {
            return (PrivateKey) keyStore.getKey(alias, password);
        } catch (Exception e) {
            return null;
        }
    }

    public X509Certificate[] getCertificateChain(String alias) {
        try {
            java.security.cert.Certificate[] certs = keyStore.getCertificateChain(alias);
            if (certs == null || certs.length == 0)
                return null;
            X509Certificate[] x509 = new X509Certificate[certs.length];
            for (int i = 0; i < certs.length; i++)
                x509[i] = (X509Certificate)certs[i];
            return x509;
        } catch (Exception e) {
            return null;
        }          
    }

    public String chooseServerAlias(String keyType, Principal[] issuers,
                                    Socket socket) {
        return alias;
    }

    public String[] getClientAliases(String parm1, Principal[] parm2) {
        throw new UnsupportedOperationException("Method getClientAliases() not yet implemented.");
    }

    public String chooseClientAlias(String keyTypes[], Principal[] issuers, Socket socket) {
        throw new UnsupportedOperationException("Method chooseClientAlias() not yet implemented.");
    }

    public String[] getServerAliases(String parm1, Principal[] parm2) {
        return new String[] { alias };
    }

    public String chooseServerAlias(String parm1, Principal[] parm2) {
        return alias;
    }
}
Thursday, July 15, 2021
 
michele
answered 4 Months ago