I'm learning Lavarel and I have a problem that I don't know how to solve it.
In an internal network I have the machine http://caption-t3/ with a Laravel application. Users access to the laravel application through the URL: https://www.my-domain.com/app/t3/portal.
A reverse proxy redirects all requests from https://www.my-domain.com/app/t3/portal to http://caption-t3/. I don't have access to the reverse proxy configuration
The problem is that the content is obtained but not the css, js and images files. I don't know if it's a problem with the .htaccess file (an apache server is used and I don't know how to configure the .htaccess files) or with Laravel configuration.
Can anyone give me guidance?
Thanks.
Related
I have hosted my project on the server and my application is getting hacked, as of now I came to know my configuration files are no secured like .env, composer.json etc. These can be directly accessed by saying mydomain/filname e.g., www.abc.com/.env, when anybody hits url like this then file is opened on the browser. How can protect these files. I am using lravel 5.7
It seems you have multiple .htaccess files and your server isn't using the one that Laravel provides.
I have a Laravel website with LAMP stack and host on a ec2 server. I setup the Virtual Host configuration for the host name www.abc.com and it works fine. One day, The client said they want to use their domain to visit the website like www.client.com/abc. They use the reverse proxy to point our ec2 server. The first problem we met is the virtual host has failed and we fixed it by adding server alias setting.
ServerAlias www.client.com
The url has connected to the server correctly and the second problem is coming up. Because of the subfolder of the url www.client.com/abc, all the assets paths are failed. For example, we had fonts, styles and js paths that generated by laravel-mix:
{
"/js/app.js": "/js/app.js",
"/css/app.css": "/css/app.css",
"/js/login.js": "/js/login.js"
}
Those paths are absolute and it turns to 404 found on the website if we use the mix() helper function to load assets. The rendered url on the blade pages are wrong.
It would be
http://www.client.com/js/app.js
instead of
http://www.client.com/abc/js/app.js
And the fonts loaded from the vendor and styles, which use the relative paths and are converted to absolute as well. So we had to workaround this by adding the option processCssUrls: false to webpack.mix.js.
The third problem is the redirection when user logs in out. The defaults redirect url is /. I know we can change the redirect urls in middleware and controllers but it feels like so much workaround over this. Is there any better way to solve those problems?
To declare the question again, how to setup a Laravel project behind the reverse proxy with subfolder?
http://www.example.com/laravel
I have issue with oil price
which we were getting form below script/ external website link :-
But Due to SSL , we have changed link from below way
which is perfectly working on chrome browser but on other browser script not loading properly
(Have you any idea regarding this how we can resolve )
I am doing this in Wordpress
From an https website you can't include js from an http host. (Active mixed content is blocked)
If you need to include a script, host it yourself (or use a CDN provider with https)
If you need to include a data provider, you need to proxy the request :
https://you.website/get_data.js returns the content of https://the.other.website/get_data.js
When I try to access my website over https, I get a mixed content error. Looking at the console, The offending resources are all images that are uploaded using the wordpress media uploader.
But isn't wordpress smart enough to know that it should serve those images over ssl if the https version of the website is requested? If not, is there an easy solution to resolve this issue (besides from editing every post to replace say http://example.com/image.jpg with //example.com/image.jpg)
Wordpress has a plugin that does this trick. Wordpress HTTPS(SSL)
It replaced all images loaded through "HTTP" with "HTTPS".
Hey folks, working on a CI app that provides public ad well as private (secure) access. I have not implemented SSL before but i understand that part of the setup is specifying which folders should be accessed using https.
I would like some advice with regards to how i should structure my folders to facilitate that.
Does the setup only affect the controllers folder? in other words should I split my app controllers between a public and secure subfolders under the standard CI controllers folder?
Do I need to do do anything to my views and models folders? anything else I should be paying attention to?
Your help would be appreciated.
thanks
OK the best way to split things up the way you want, would be to:
Set up your CodeIgniter app under a folder, say /var/www and ensure everything is working as you want.
Set the base url for the site under the config.php of CodeIgniter to just "/".
Create an Apache virtual host for the secure portion of the site, listening to requests on port 443 or whatever. Install your certificate and so on. http://www.namecheap.com are good for certs. Set up the web root as the CodeIgniter folder, e.g. /var/www.
Create a further Apache virtual host, pointing to the same directory e.g. /var/www for the unsecure version of the website.
You will now, all being well, at this stage be able to access the entire site using either https or standard http. I think you mentioned being able to take things a step further by only allowing access to certain controllers via HTTPS and certain unsecure. What I would do for this is the following.
Create a CodeIgniter library, call it say Ssl.php, under your application/libraries folder. Put in the following code:
class Ssl {
public function require()
{
// Is the current request method secure, via SSL?
if ( ! isset($_SERVER['https']) )
{
// No. Do something here, display an error, redirect... up to you
show_error("This resource must be accessed through an SSL encrypted connection.");
}
}
}
Now, in your application controllers, simply load the library the usual way $this->load->library('ssl') and for any controller method that you wish to require an SSL connection for, simply call the $this->ssl->require() method before any execution starts.
You could even go a step further and drop that method call to require() in a class controller __construct() function, or even an entire new controller that you may wish to extend from.
I hope this helps in some way.
Hey, I am in the middle of developing a CI app that is successfully running with HTTPS/SSL.
I think you are a bit confused. As far as I know, you can only set up an SSL enabled site per se by creating a new site or "virtual host" if you are using Apache for example.
So essentially if you were using Apache, you would create a virtual host to handle requests on port 443 for say https://example.com and then set the web root to say /var/www or wherever your CI app sits. You would also have to configure Apache to use your certificate file, once you have bought the cert and downloaded the bits and bobs after generating the cert request. It's easier than it sounds.
Is there any reason why you can't just have your entire app running through SSL? Rather than an encrypted and non-encrypted section? There is a small CPU overhead for SSL but it is minimal.
I hope this helps in one way or another.
EDIT IN RESPONSE TO COMMENT:
You're welcome. It's a minimal overhead. For the hassle, I would just simple put it all under an SSL vhost. Plus, if you were to split content between SSL/non-SSL, you may notice that if you include non-SSL based content on an SSL page, users will get a pesky message in their browser about "insecure content" etc, which may put them off and create some needless doubt.
It may be quite difficult to split as you want - as you would need seperate root index.php CI files for each vhost to allow CI to route it correctly. You couldn't just set a vhost serving a directory such as application/controllers/private/ because CodeIgniter wouldn't know how to handle the request without some severe modification to it's core routing.
I would honestly just stick everything under an SSL vhost. Or, another option would be to set up two CI apps running from the same system/core CI folder... if that makes sense, but then sharing content such as libraries and models will become tedious.