Open koen84 opened 9 years ago
Will have to look at this tomorrow, I can see this as well, it's just appeared after the latest changes. Looks ok on some, but not all browsers I've tried.
Go to your friendica directory and run php util/config system ssl_policy 2. Do not do this if you are replacing the self-signed cert with a signed cert.
Works like a charm. Will the http versus httpS be an option in the script? (Currently only doing a proof of concept on a local test server, so no plans on SSL.)
I might have been too quick. Login + admin still go over SSL, worse, even clicking the "ignore" makes the admin interface lack any layout. (Okay, I can manually change the URL to http and then it looks okay.)
I do get why it wants to do login (and admin) over SSL, even if self-signed. Though friendica seems to advocate better no SSL at all than self-signed? And it's not helpful that the admin section (over self-signed SSL) loses markup.
This issue (chrome + firefox) seems to be that the browser blocks non-SSL elements on SSL pages, in this case: the CSS files are non-SSL and by default the login + admin section still get called over SSL (even after php util/config system ssl_policy 2).
Frontend only "compose message" and notifications / request changing category go wrong.
I don't think you are using the latest version of the script, changing the url to http will still give https, php util/config system ssl_policy 2 no longer needs to be run. Try a new install with an updated script. If self-signed remains a problem I'll go for a http version with optional https, using a pre-installed signed cert.
I used the version of the script when you acknowledged the option "all" was put back in. (2 days ago)
I'll try a fresh start with a newly fetched script another day. Even if SSL is preferred, I think it's great if an issueless completely-non-SSL version exists. It's definitely "starter friendlier" and sometimes it can be the only (practical) option.
The default install now does force httpS on everything, overcoming the initial problem of going to the non-SSL website. (Indeed without running the command.)
In an attempt to turn off SSL (self-signed certificate and accompanying warning) I went to admin > website > policy SSL links: self signed CA ...
This resulted in chrome throwing up for redirect loops.
So it works correctly with SSL. Though running a community site with a self-signed CA is probably a bad idea, worse than no SSL. A free startTLS certificate is already in use to secure the login + admin of the website + guest sites. I doubt they'd like me to make two for free. And paying for wildcard is rather expensive.
I'm not sure how to go from here.
I may have to do a rewrite without the self certified cert. You can have at least 2 startssl certs for the same domain, I have 2 for theshi.re, with a different subdomain being used for each one.
I think it might be useful to have a non-SSL version, but I don't know how much work that is for you. SSL just adds to the complexity for a starting admin.
That's awesome. So I can have a startssl webserver.example.com and friendica.example.com (both would also include example.com but only useful for the first)?
Definitely going to try that if I take a friendica community server to production. And since the friendica would be on a different host than the webserver, that makes a lot of sense. (Actually I currently have secure.example.com and I can use it to encrypt wordpress login + admin of several websites on the same server over it.)
The script has now been updated. The default is now non-ssl, optionally a pre-installed signed ssl cert can be used.
Sounds great, will give it a new spin.
I was just testdriving, so no ssl.
I notice everything gets linked over SSL, even if I access the home page on standard http. This means my initial page looks like this screenshot.
Why? Because the CSS (among other things) is linked over SSL and the browser blocks that because the CA is not valid. (So even with self-signed certificates installed by the script, it's not really as desired.)
Is it possible to turn off SSL (for whatever reason one might have)?
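
Both symptoms reported in this thread (CSS linked over https from an http page with an untrusted certificate, and http CSS on the https login/admin pages) are scheme mismatches between a page and its subresources. The following is an added example, not part of the thread or of the install script; the HTML samples and file paths are constructed, and it lists every subresource whose scheme differs from the page's.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"link": "href", "script": "src", "img": "src", "iframe": "src"}

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        name = SUBRESOURCE_ATTRS.get(tag)
        if not name or not attrs.get(name):
            return
        # Only <link rel="stylesheet"> is fetched as a stylesheet.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        self.found.append((tag, attrs[name]))

def scheme_mismatches(page_url, html):
    """Return (kind, tag, absolute_url) for subresources on another scheme."""
    page_scheme = urlsplit(page_url).scheme
    collector = _Collector()
    collector.feed(html)
    collector.close()
    results = []
    for tag, ref in collector.found:
        absolute = urljoin(page_url, ref)  # relative and //host refs inherit the page scheme
        scheme = urlsplit(absolute).scheme
        if scheme not in ("http", "https") or scheme == page_scheme:
            continue
        # https page + http resource: mixed content.
        # http page + https resource: fails when the certificate is not trusted.
        kind = "mixed-content" if page_scheme == "https" else "https-on-http-page"
        results.append((kind, tag, absolute))
    return results

# Constructed samples modelled on the two situations described in the thread.
HTTP_HOME = ('<link rel="stylesheet" href="https://friendica.example.com/view/style.css">'
             '<script src="/js/main.js"></script>')
HTTPS_ADMIN = ('<link rel="stylesheet" href="http://friendica.example.com/view/style.css">'
               '<img src="//friendica.example.com/images/logo.png">')

if __name__ == "__main__":
    print(scheme_mismatches("http://friendica.example.com/", HTTP_HOME))
    print(scheme_mismatches("https://friendica.example.com/admin", HTTPS_ADMIN))
```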