Jump to content
  • 0

Disable Https Completely?

Alex Vojacek

Asked by Alex Vojacek,

 Share

Question

Alex Vojacek Newbie

Alex Vojacek

Posted
Posted

Hello wonderful community.

 

I just bought my first license of blesta, the owned unbranded.

 

I finished my portal here:   http://clients.elysiumservers.com

 

but as you can see, some parts reads in https and some in http.  I managed to create a rule in nginx for the server to load each part and jump to http each time but it is of no use since a new web browser will ask for authentication in the SLL as soon as the redirection tries to work.

 

I know all about SSL but as of right now, i can't change the http url on 2checkout without having to pay them for doing it and I really don't want to pay for a SLL certificate so my clients don't  look to that horrible red page of "unsecure, danger... better leave"  unsecured SSL.

 

 

Is there a way to completely disable SSL and force blesta into http only?,  probably in the future when I have more money I will change the 2checkout url and pay for a SSL authority certificate but right now, I spent all my money on the license.

 

If you point me in the right direction I think I can handle myself, I need to know at least the files that controls https and http.

 

Thank you guys.

Link to comment
Share on other sites

33 answers to this question

Recommended Posts

  • 0
Michael Apprentice

Michael

Posted
Posted

Try this in your .htaccess.

RewriteEngine on 
RewriteCond %{HTTP_HOST} ^www.yourdomain.com [NC]
RewriteRule ^(.*)$ http://yourdomain.com/$1 [L,R=301]

RewriteCond %{SERVER_PORT} ^443$
RewriteRule .* http://%{SERVER_NAME}%{REQUEST_URI} [R,L]


Not tested but I use it for my force https://, just edited it to find the SSL port.

Link to comment
Share on other sites
  • 0
Alex Vojacek Newbie

Alex Vojacek

Posted
  • Author
Posted

I have the exact same thing in nginx (which is what i'm using) but it is of no use since the browser keeps asking me for the SSL certificate and says "warning"  when i'm about to buy a product, which is an undesirable result.

 

This is the equivalent on nginx:

 

server {
       listen 443;
       server_name HOST.com;
       rewrite ^(.*) http://$host$1 permanent;
ssl     on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout  10m;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
...................
 }
 
 
server {
    listen 80; ## listen for ipv4
    server_name HOST.com;
    index index.php index.html index.htm;
    root /home/root/web;
server {
       listen 443;
       server_name HOST.com;
       rewrite ^(.*) http://$host$1 permanent;
ssl     on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout  10m;
ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
ssl_certificate      /etc/nginx/server.crt;
ssl_certificate_key  /etc/nginx/server.key;
 }
 
 
server {
    listen 80; ## listen for ipv4
    server_name clients.elysiumservers.com;
    index index.php index.html index.htm;
    root /home/web/clientes.elysiumservers.com;
 
Link to comment
Share on other sites
  • 0
cloudrck Newbie

cloudrck

Posted
Posted

I know all about SSL but as of right now, i can't change the http url on 2checkout without having to pay them for doing it and I really don't want to pay for a SLL certificate so my clients don't  look to that horrible red page of "unsecure, danger... better leave"  unsecured SSL.

 

You're overlooking the real issue. Whether or not a certificate message appears or not the connection is still unsecure. You don't want to spend $8 for an SSL cert? Then get a free Class 1 at StartSSL. There is no reason to not spend a few bucks for added security. You shouldn't even consider forcing HTTP, if I see someone can't take the effort to get a SSL certificate I move right along.

 

 

since the browser keeps asking me for the SSL certificate and says "warning"  when i'm about to buy a product, which is an undesirable result.

Learn what your Nginix code means and understand what it does before you use it. Than you will understand why it isn't giving you the desired result. Than get a SSL cert.

Link to comment
Share on other sites
  • 0
Paul Community Regular

Paul

Posted
Posted

Some of your portal links appear to be using https, you should change those under Settings > Company > Plugins > Available > Portal - Manage.

 

No links in Blesta force https anywhere, they are all relative, so any other pages that are coming up https other than the portal are probably a result of the webserver configuration.

Link to comment
Share on other sites
  • 0
Alex Vojacek Newbie

Alex Vojacek

Posted
  • Author
Posted

You're overlooking the real issue. Whether or not a certificate message appears or not the connection is still unsecure. You don't want to spend $8 for an SSL cert? Then get a free Class 1 at StartSSL. There is no reason to not spend a few bucks for added security. You shouldn't even consider forcing HTTP, if I see someone can't take the effort to get a SSL certificate I move right along.

 

 

Learn what your Nginix code means and understand what it does before you use it. Than you will understand why it isn't giving you the desired result. Than get a SSL cert.

 

That's a little harsh,  I'm learning, nobody made me a wise from night to day.

 

About the certificate, I already spend all day today trying to incorporate the StartSSL certificate but they clearly states that they are not for websites but for individuals.

 

Exporting the certificate to pem and key  or cer and key didn't worked, chrome still complained about invalid certificate.

 

Disabling SSL seems to be having a strange effect since some links still resolve to https which I think has to do to some configuration wrong somewhere, but I can't seem to find it, since I removed all traces of SSL on nginx.

 

 

Listen, I'm not trying to cut cheap, I'm trying to make this work, I have 3 projects coming along that needs this hosting operational and I am now 2 days in a row without sleeping trying to fix it.  I do my best, I'm not an expert, that's for sure.

Link to comment
Share on other sites
  • 0
cloudrck Newbie

cloudrck

Posted
Posted

About the certificate, I already spend all day today trying to incorporate the StartSSL certificate but they clearly states that they are not for websites but for individuals.

 

 

This statement doesn't even make sense, you need to re-read what the site says. If you're learning than you need to not accept clients and do research. There are enough inexperienced hosts out getting hacked, we don't need to add more.

 

 

The StartSSL™ Free certificates are intended for web sites which require protection of privacy and prevent eavesdropping.

Link to comment
Share on other sites
  • 0
Daniel B Newbie

Daniel B

Posted
Posted

As harsh as it may come accross, cloudrck is 100% right.  If you can't poney up for a decent SSL cert (or use StartSSL and get them for free, with awesome security still), or don't know how to get a simple SSL cert to work on your domain...then you need to be learning how to do that.

 

If I go to someone's cart, where I have to input my payment details...and there is not https in that address bar...the site gets closed and I move onto another place that cares about the security of my information.

 

Forcing http when you are offering any type of online service and intentionally not using https simply because you do not want to pay for a non-expensive certificate is definately not the way to start in this industry.

 

Not trying to be rude, just trying to keep you from falling into trouble.

Link to comment
Share on other sites
  • 0
Alex Vojacek Newbie

Alex Vojacek

Posted
  • Author
Posted

I understand and value all the information you gave me, albeit you have all the wrong way of approching me.  You don't even know me or my work and  I do not deserved to be treated this way.

 

I already got a certificate on namecheap and I am configuring it right  now, I am planing on using SSL since I've been reading a lot and it is far more valuable to have it enabled.

 

But, this does not  rule out the initial statement that somehow blesta is putting https inside some of my links.

 

I completely reinstalled the system, without https and some links goes to https and it is not my webserver.  Aside from this, I will use SSL.

 


Next time a startup guy like me ask something, it should be good to respond nicely.  The thing about my ignorance does not make me an irresponsable prick, you just have to respond as any human being will like them to respond,  nicely.

Link to comment
Share on other sites
  • 0
Alex Vojacek Newbie

Alex Vojacek

Posted
  • Author
Posted

As harsh as it may come accross, cloudrck is 100% right.  If you can't poney up for a decent SSL cert (or use StartSSL and get them for free, with awesome security still), or don't know how to get a simple SSL cert to work on your domain...then you need to be learning how to do that.

 

If I go to someone's cart, where I have to input my payment details...and there is not https in that address bar...the site gets closed and I move onto another place that cares about the security of my information.

 

Forcing http when you are offering any type of online service and intentionally not using https simply because you do not want to pay for a non-expensive certificate is definately not the way to start in this industry.

 

Not trying to be rude, just trying to keep you from falling into trouble.

 

 

Believe it or not I absolute 100% agree with all your statements, this, I wasn't aware.  Oh by the way, there not many hosting companies in my country, that i am aware of, that use appropiate hosting techniques, the majority they don't even provide a hosting panel.

 

So, i do not pretend to do things the incorrect way,  when I was trying to force http, it was 5am in the morning after 48hs of working without sleeping, I was exhausted and you know what happens when you're exhausted.

 

 

Aside from all this.  I don't know if I did it wrong but I toke a certificate from namecheap,  ComodoSSL.

 

Is the StartSSL any better, should I use StartSSL ?

Link to comment
Share on other sites
  • 0
mrrsm Newbie

mrrsm

Posted
Posted

Believe it or not I absolute 100% agree with all your statements, this, I wasn't aware.  Oh by the way, there not many hosting companies in my country, that i am aware of, that use appropiate hosting techniques, the majority they don't even provide a hosting panel.

 

So, i do not pretend to do things the incorrect way,  when I was trying to force http, it was 5am in the morning after 48hs of working without sleeping, I was exhausted and you know what happens when you're exhausted.

 

 

Aside from all this.  I don't know if I did it wrong but I toke a certificate from namecheap,  ComodoSSL.

 

Is the StartSSL any better, should I use StartSSL ?

The SSL Cert from Namecheap is just fine to use.

Link to comment
Share on other sites
  • 0
Daniel B Newbie

Daniel B

Posted
Posted

I think something went wrong.

 

I can't access the admin panel anymore,  it keeps going back to a blank page /admin/license

 

 

I already opened up a ticket, does anyone knows what could be wrong?

 

When does it go back to blank page, after trying to login? (I can get to your admin login page just fine).

Link to comment
Share on other sites
  • 0
cloudrck Newbie

cloudrck

Posted
Posted (edited)

I can only hope you aren't talking about his Blesta logs...

 

3 word answers are generally not very helpful...

It is in this case. You check relevant logs until you find something useful, I shouldn't  have to spell it out.

 

PHP, Nginx, dmesg, syslog, etc. If Nginx is his sole HTTPD than they should be in his sites error_log. PHP depending on his setup.

 

Looks like he got it fixed.

 

May I suggest http://tldp.org/LDP/intro-linux/html/index.html

Edited by cloudrck
Link to comment
Share on other sites
  • 0
Alex Vojacek Newbie

Alex Vojacek

Posted
  • Author
Posted

Yes I got it.

 

To cut story short.  Never use bleeding edge linux distributions to host something important.  I'm learning leap and bounds these days.

 

I used Ubuntu 13.10 which after downgrading PHP to 5.4 (since it uses 5.5 and is not compatible with ioncube yet)  something got broken.

 

I reinstalled with ubuntu 12.10 server and it started working like a charm.

Link to comment
Share on other sites
  • 0
Alex Vojacek Newbie

Alex Vojacek

Posted
  • Author
Posted

It is in this case. You check relevant logs until you find something useful, I shouldn't  have to spell it out.

 

PHP, Nginx, dmesg, syslog, etc. If Nginx is his sole HTTPD than they should be in his sites error_log. PHP depending on his setup.

 

Looks like he got it fixed.

 

May I suggest http://tldp.org/LDP/intro-linux/html/index.html

 

 

You're so cute. I already checked every log there is,  this was a very strange problem, I supposed that ubuntu 13.10 and the downgrade did a mess of the system, anyway, i'm not scared of making mistakes, but you're so bend on reminding me how novice i am.

Link to comment
Share on other sites
  • 0
cloudrck Newbie

cloudrck

Posted
Posted

You're so cute. I already checked every log there is,  this was a very strange problem, I supposed that ubuntu 13.10 and the downgrade did a mess of the system, anyway, i'm not scared of making mistakes, but you're so bend on reminding me how novice i am.

I don't know why I bother trying to help some people. Not again.

 

 

And Ubuntu 13.10 is no where near "bleeding edge".

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
 Share
Go to question listing
×
×
  • Create New...