Can anyone out there testify to having Drupal working with a Shared SSL Certificate?

Comments

coyanis’s picture

It may be of interest for those who want to secure their Drupal site with a shared ssl certificate (SSL-Proxy): It works!

After various unsuccessful inquiries in this forum

http://drupal.org/node/59755
http://drupal.org/node/59996
http://drupal.org/node/60101
http://drupal.org/node/60222

I found the solution:

Replace in common.inc the line

return '<form action="'. check_url($action) .'" method="'. $method .'"'. drupal_attributes($attributes) .">\n". $form ."\n</form>\n";

with

// Root-relative actions get the SSL-proxy path prefix; all others are left unchanged.
if (substr(check_url($action), 0, 1) == '/') {
  return '<form action="/example.com'. check_url($action) .'" method="'. $method .'"'. drupal_attributes($attributes) .">\n". $form ."\n</form>\n";
}
else {
  return '<form action="'. check_url($action) .'" method="'. $method .'"'. drupal_attributes($attributes) .">\n". $form ."\n</form>\n";
}
} // Closes the enclosing function.

Russtavo’s picture

I need to achieve this with version 5.1, does anyone know how?

maximago’s picture

We were able to get the SSL-Proxy (1&1) working.

The first step is a really ugly hack:
Change the method "theme_form" in form.inc so that it looks like this:

function theme_form($element) {
  // Anonymous div to satisfy XHTML compliance.

  // Prefix the form action with the SSL-proxy path unless it already names the site.
  if (strstr(check_url($element['#action']), "service.maximago.de") === FALSE) {
    $action = $element['#action'] ? 'action="/spielwiese.maximago.de' . check_url($element['#action']) . '" ' : '';
  } else {
    $action = $element['#action'] ? 'action="' . check_url($element['#action']) . '" ' : '';
  }
  return '<form '. $action . ' method="'. $element['#method'] .'" '. 'id="'. $element['#id'] .'"'. drupal_attributes($element['#attributes']) .">\n<div>". $element['#children'] ."\n</div></form>\n";
}

Yes. I know. That's dirty and you'll get a bunch of problems when upgrading and so on. But first of all, it works.

Then you have to add some lines to your settings.php (to get the cookies working):

ini_set('session.cookie_domain','ssl.kundenserver.de');
ini_set('session.auto_start', 0);
ini_set('register_long_arrays', 1);

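To ensure the SSL_Path, we then added these lines to page.tpl.php.

// The SSL proxy sets X-Forwarded-Host to its own host name.
$request_type = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) && $_SERVER['HTTP_X_FORWARDED_HOST'] == 'ssl.kundenserver.de') ? 'SSL' : 'NONSSL';
if ($request_type != "SSL") {
  header("Location: https://ssl.kundenserver.de/service.maximago.de");
  exit; // Stop rendering once the redirect has been sent.
}

It does a redirect when not coming through https...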
Replace the "service.maximago.de" by the end of your SSL-Proxy-URL.

metabits’s picture

I have already installed a new website for a small association hosted by 1&1 and I would like to set up Shared SSL, in order to protect users info and so on...

Does the method you used for 5.1 also work for 5.5?

Thanks!

psc

metabits’s picture

I tried on a test site on Drupal 5.3 and I get this error:

Parse error: syntax error, unexpected T_VARIABLE in /homepages/21/d222132267/htdocs/drupal53/includes/form.inc on line 1439

My line numbers are:

1436    function theme_form($element) {
1437      // Anonymous div to satisfy XHTML compliance - SSL-Prox Variante
1438      if (strstr(check_url($element['#action']),"drupaltest.mysite.net") == FALSE) {
1439      $action = $element['#action'] ? 'action="/drupaltest.mysite.net' . check_url($element['#action']) . '" ' : '';
1440       } else {
1441    $action = $element['#action'] ? 'action="' . check_url($element['#action']) . '" ' : '';
1442       }
1443        return '<form '. $action . ' method="'. $element['#method'] .'" '. 'id="'. $element['#id'] .'"'. drupal_attributes($element['#attributes']) .">\n<div>". $element['#children'] ."\n</div></form>\n";
1444    }

I am using Garland for this site, so I put in garland's page template, under the body tag:

  <?php
   // Ensure SSL_Path for SSL-Proxy
   $request_type = ($_SERVER['HTTP_X_FORWARDED_HOST'] == 'ssl.perfora.net') ? 'SSL' : 'NONSSL';
   if($request_type!="SSL"){
   header("Location:https://ssl.perfora.net/drupaltest.mysite.net");
   }
  ?>

And my PHP settings are as follows:

ini_set('arg_separator.output',     '&amp;');
ini_set('magic_quotes_runtime',     0);
ini_set('magic_quotes_sybase',      0);
ini_set('session.cache_expire',     200000);
ini_set('session.cache_limiter',    'none');
ini_set('session.cookie_lifetime',  0);
ini_set('session.gc_maxlifetime',   200000);
ini_set('session.save_handler',     'user');
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid',    0);
ini_set('url_rewriter.tags',        '');
/* Settings for SSL-Proxy */
ini_set('session.cookie_domain','ssl.perfora.net');
ini_set('session.auto_start', 0);
ini_set('register_long_arrays', 1);

Did I do something wrong?
Or does this method only work for 5.1?

I need a solution for 5.5

Thanks!

psc

skybow’s picture

For Drupal 6 I think I found a better solution. See my post here:

http://drupal.org/node/339552

BrianLewisDesign’s picture

Here is the D7 setup that works for me on A2 shared hosting, with a shared certificate.

  1. /sites/default/settings.php - for the $base_url and $cookie_domain
  2. /.htaccess - https and remove www, because shared url can't have www
  3. pathologic module - do // protocol for the image paths
  4. securepages module - via shared https url, so you can turn it on

// (/sites/default/settings.php)
$request_is_ssl = (getenv('HTTPS') == '1' || getenv('HTTPS') == 'on' || !empty($_SERVER['HTTP_X_FORWARDED_HOST'])) ? TRUE : FALSE;
if ($request_is_ssl) {
  $base_url = 'https://mysite-wwwls7.ssl.supercp.com';
  $cookie_domain = '.mysite-wwwls7.ssl.supercp.com';
  $_SERVER['HTTPS'] = 'on';
  // Set the keys individually so earlier $conf entries are not overwritten.
  // This treats whichever address connected as the reverse proxy.
  $conf['reverse_proxy'] = TRUE;
  $conf['reverse_proxy_addresses'] = array($_SERVER['REMOTE_ADDR']);
  //$_SERVER['REQUEST_URI'] = 'mysite-wwwls7.ssl.supercp.com' . $_SERVER['REQUEST_URI']; // Only the DNS name of the site needed here!
} else {
  $base_url = 'http://mysite.com';  // NO trailing slash!
  $cookie_domain = '.mysite.com';
  $_SERVER['HTTPS'] = '';
}

# (/.htaccess)
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]

/* pathologic module: (/admin/config/content/formats) > each text format > Correct URLs with Pathologic > Protocol relative URL http://mysite.com/ https://mysite-wwwls7.ssl.supercp.com/ (Save configuration) */

/* securepages module: (https://mysite-wwwls7.ssl.supercp.com/admin/config/system/securepages) > Enabled, Switch back to http pages when there are no matches, http://mysite.com, https://mysite-wwwls7.ssl.supercp.com, Make secure only the listed pages (Save configuration) */
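
The snippets in this thread treat a request as secure whenever the X-Forwarded-Host header is present or has the expected value. As an added example (not code from any poster in this thread), this is one way to accept that header only when the connection comes from the hosting provider's proxy; the addresses, host name and path prefix are placeholders, and PHP 7.1 or later is assumed.

```php
<?php
// Added example. Addresses, host name and path prefix are placeholders.
const TRUSTED_PROXIES = ['192.0.2.10', '192.0.2.11']; // assumed: your host's SSL-proxy IPs
const SSL_PROXY_HOST  = 'ssl.example.net';            // assumed: value sent in X-Forwarded-Host
const SITE_PREFIX     = '/www.example.org';           // assumed: path prefix on the shared host

/**
 * TRUE only if the connection comes from a known proxy address AND that proxy
 * reports the shared-SSL host. The header alone proves nothing, since any
 * client can send it; REMOTE_ADDR is the address of the actual TCP peer.
 */
function came_via_ssl_proxy(array $server): bool {
  if (!in_array($server['REMOTE_ADDR'] ?? '', TRUSTED_PROXIES, true)) {
    return false;
  }
  $forwarded = strtolower(trim($server['HTTP_X_FORWARDED_HOST'] ?? ''));
  return $forwarded === SSL_PROXY_HOST;
}

/** URL to redirect to, or NULL when the request already arrived over SSL. */
function ssl_redirect_target(array $server): ?string {
  return came_via_ssl_proxy($server)
    ? null
    : 'https://' . SSL_PROXY_HOST . SITE_PREFIX . '/';
}

// Constructed sample requests (not captured traffic).
$samples = [
  'via proxy'      => ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_HOST' => 'ssl.example.net'],
  'direct request' => ['REMOTE_ADDR' => '203.0.113.5'],
  'header only'    => ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_X_FORWARDED_HOST' => 'ssl.example.net'],
];
foreach ($samples as $label => $server) {
  printf("%-15s -> %s\n", $label, ssl_redirect_target($server) ?? 'serve (SSL)');
}

// Live use, at the top of settings.php before any output is sent:
//   if (($target = ssl_redirect_target($_SERVER)) !== null) {
//     header('Location: ' . $target, true, 302);
//     exit;
//   }
```

On a shared SSL host the cookie domain is also used by other customers' sites, so it is worth setting `session.cookie_path` to the site's own prefix and `session.cookie_secure` to 1 alongside the `session.cookie_domain` lines shown above. In Drupal 7 the same address list belongs in `reverse_proxy_addresses` in place of `$_SERVER['REMOTE_ADDR']`.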