Im developing an app with CodeIgniter, mainly for learning purposes.
Im currently addressing the issue of security in my app and one thing I read about is using SSL.
I tried to figure out what I have to do in order to use SSL in my app. Since I'll have a small number of users I thought about using SSL on all of my sites.
In another question for SSL in CI I found this:
$config['base_url'] = "https://www.yoursite.com/";
Is this all I have to configure to use SSL? Do I have to buy a certificate somewhere? Are there any prerequisites for my server?
Thanks in advance for your help!
SSL is related to your server. Not to your server side scripting software, i.e. php.
So, you should be looking for ssl for your server software.
Now, you have two options:
If you run in a local intranet, you could use software like xampp which by default provides https functionality for apache through self signed ssl certificate.
If you are using a hosting account, you should get a signed ssl certificate.
And ofcourse the setting in codeigniter, which you specified must be set to actually make use of the https.
You will need an SSL certificate for this yeah. Most current servers can handle these just fine, although your server needs an personal IP-address for this.
Open config file from location application/config/config.php and enable or set hooks to true like this:
$config['enable_hooks'] = TRUE;
Then create a new file named hooks.php inside the config folder (i.e. application/config/hooks.php) and add the following code in it:
$hook['post_controller_constructor'][] = array(
'function' => 'redirect_ssl',
'filename' => 'ssl.php',
'filepath' => 'hooks'
);
**Now create a new directory named hooks inside the application folder (i.e. application/hooks) and then create a new file named ssl.php inside the hooks folder (i.e. application/hooks/ssl.php).
Add the following code in the ssl.php file:**
function redirect_ssl() {
$CI =& get_instance();
$class = $CI->router->fetch_class();
$exclude = array('client'); // add more controller name to exclude ssl.
if(!in_array($class,$exclude)) {
// redirecting to ssl.
$CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] != 443) redirect($CI->uri->uri_string());
} else {
// redirecting with no ssl.
$CI->config->config['base_url'] = str_replace('https://', 'http://', $CI->config->config['base_url']);
if ($_SERVER['SERVER_PORT'] == 443) redirect($CI->uri->uri_string());
}
}
Related
Works find locally. Using ASP.NET core 3.1
Publish to dev I notice the swagger only has HTTP option and when I try a GET on a service I get below?
Is there something on the dev server that is causing this that I need to change ?
SEC7111: [Mixed-Content] The origin 'https://corerd.rb.gov' was loaded in a secure context but tried to load an insecure resource at 'http://corerd.rb.gov/PWDRS/api/TestWebApi'.
No Results
Figured it out.. Though still don't know why it defaults to HTTP
app.UseOpenApi(configure => configure.PostProcess = (document, _) => document.Schemes = new[] { NSwag.OpenApiSchema.Https });
Alternatively, setting the Schemes to null disabled explicit schemes.
app.UseOpenApi(configure => configure.PostProcess = (document, _) => document.Schemes = null);
From the specification:
If schemes are not specified, the scheme used to serve the API specification will be used for API calls.
I've been trying to email users a verification link using signed URLs in Laravel. It seems to work okay, but the link comes out incorrect when it is built using the URL facade.
public function toMail($notifiable)
{
$url = URL::signedRoute('confirm', ['user' => $this->user->id]);
return (new MailMessage)
->subject('Activate your email address')
->line('In order to use the application, please verify your email address.')
->action('Activate your account', $url)
->line('Thank you for using our application!');
}
In the email, the link looks like:
http://localhost/mydomain.com/confirm/14?signature=3ba4d86827717440f70a3b2f60c913b6e84d550cb9fce8de04a8ba359833ac7c
The "localhost" part should not be there. However, if I manually delete it in the URL bar, I believe the signed URL things I manipulated the URL and gives me a 401 error. I am running on a localhost environment but I use Laragon's auto virtual host so that I can still run it with a domain.
Any suggestions?
Sometimes if you are working in virtual environments or docker container, just setting APP_URL won't work. Try the following steps.
Step 1: Set your domain in your .env file. (Don't forget the double quotes)
APP_URL="http://yourdomain.com"
Step 2: Add following line before generating your signed route
URL::forceRootUrl(\config('app.url'));
Step 3: (Optional) Add following line, if you want to force https scheme
URL::forceScheme('https');
Change:
APP_URL=example.com
To:
APP_URL=http://example.com
I guess not specifying "http://" makes it append localhost to the front. Hope this helps someone!
I have a host for my Laravel website and another (non-laravel) for stored files. Direct access to my files are blocked completely by default and I want to control access to them by creating temporary links in my Laravel site. I know how to code, just want to know the idea of how to do it (not details).
From the Laravel docs
Temporary URLs For files stored using the s3 or rackspace driver, you
may create a temporary URL to a given file using the temporaryUrl
method. This methods accepts a path and a DateTime instance specifying
when the URL should expire:
$url = Storage::temporaryUrl(
'file.jpg', now()->addMinutes(5)
);
You could also make your own solution by directing all image request through your own server and making sure the file visibility is set to private.
Here is an example of how a controller could return image from your storage
public function get($path)
{
$file = Storage::disk('s3')->get($path);
// Do your temp link solution here
return response($file, 200)->header('Content-Type', 'image/png');
}
What i am using right now is Flysystem provided in laravel.Laravel Flysystem integration use simple drivers for working with local filesystems, Amazon S3 and other some space provide also. So for this doesn't matter whether is a server is laravel server or not.
Even better, it's very simple in this to switch between server by just changing server configuration in API.
As far as I know we can create temporary Url for s3 and rackspace in this also by calling temporaryUrl method. Caching is already in this.
That's the thing.
If your files are uploaded on an AWS S3 server
then,
use Storage;
$file_path = "4/1563454594.mp4";
if( Storage::disk('s3')->exists($file_path) ) {
// link expiration time
$urlExpires = Carbon::now()->addMinutes(1);
try {
$tempUrl = Storage::disk('s3')->temporaryUrl($file_path, $urlExpires);
} catch ( \Exception $e ) {
// Unable to test temporaryUrl, its giving driver dont support it issue.
return response($e->getMessage());
}
}
Your temporary URL will be generated, After given expiration time (1 minute). It will expire.
I have a CI site with several form using jquery .click function, when I was in http its worked well, when I change to https all the form click button cannot be fire, its happen in localhost and in web host as well, is that anything need to config to run CI in https?
please advise and thanks!
Solved:
I just remove the url from $config['base_url'], and now the issue is solved, but I wonder how come when running https couldn't set value on $config['base_url']? hope someone would clear my doubt.
Thanks guy for taking time to view my question.
Set your base_url protocol independent:
$config['base_domain'] = 'yourdomain.com'; // a new config item if you need to get your domain name
if (isset($_SERVER['HTTP_HOST']))
{
$protocol = ($_SERVER['SERVER_PORT'] == 443 ? 'https://' : 'http://');
$config['base_url'] = $protocol.$_SERVER['HTTP_HOST'];
$config['base_url'] .= str_replace(basename($_SERVER['SCRIPT_NAME']),"",$_SERVER['SCRIPT_NAME']);
}
else
{
$config['base_url'] = '';
}
I am guessing your ajax request fails because you are trying to access no-secure content from a secure site.
I had a similar issue. I simply changed the base URL from HTTP to HTTPS in the config file and it worked well for both protocols.
# Base URL in codeigniter with HTTP
$config['base_url'] = 'http://mysite.abc/';
# Base URL in codeigniter with HTTPS
$config['base_url'] = 'https://mysite.abc/';
Remember, when you change HTTP to HTTPS, the site should work well for both protocols but it doesn't work the other way around.
I just moved my current office Joomla 1.5.8 instalation from the server(linux) to my local machines (winxp) so I can work locally and only upload the changes.
The thing is after downloading all the files and installing a backup of the remote DB on my local machine I found myself unable to login to the administrator panel, I can see the frontpage but not login :/
So far, I have googled alot this problem, but most people seem to be experiencing this problem while upgrading from joomla 1.0
To make sure the problem was not on permissions for the files,I did a separate brand new joomla instalation on another folder and it worked just fine, I could access the website and I also could login to admin page, then I changed the config file to connect to the joomla I'm trying to move and now I find myself again unable to login :/
I think the problem is on the DB however I already tried searching for specific paths but no luck
Does anyone has another Idea?
thanks in advance :)
Try to change following variable in your local configuration file with you local values.
var $offline = '0';
var $log_path = 'Your local joomla path\logs';
var $tmp_path = 'Your local joomla path\tmp';
var $live_site = 'local url will be here';
var $dbtype = 'mysql';
var $host = 'local db host';
var $user = 'DB user for local';
var $db = 'Db name for local';
var $dbprefix = 'DB prefix whatever you have set, by default jos_';
var $password = 'your DB password for local';
You probably have LDAP or openid authentication enabled and thats what is causing this blank page while you try to login.
Just go to your database and go to your:
jos_plugins
And edit the plugins which are either openid or LDAP
set their published status from 1 to '0'
Case solved.
Does your site use any kind of extra authentication? Mine used the LDAP Authentication plugin. MY local machine couldn't connect to the LDAP server. After turning LDAP authentication off (only use Joomla authentication) it worked.
edit the jos_plugins table in mysql to set published from 1 to 0 for any extra authentication plugins you are using.
I have discussed this issue in details here: http://www.itoctopus.com/blank-page-on-joomla-login
In most cases we have seen, Joomla is trying to load a file that no longer exists.