|
Times are constantly evolving, and our demand for secure communication is increasing. In Discuz X3, it is said that https is supported, so after I got the SSL certificate, I added SSL to the website as soon as I got it. But after adding it, I found that many places did not use https links, so I started checking the Discuz source code to see what went wrong. 1. SSL certificate & configurationFirst of all, to enable SSL, you must have a certificate, right? Whether it is issued by a regular CA or signed by oneself, it is not possible to have no certainty. If not, apply for one first. (Please google the specific method, I will not go into detail here) 2、Discuz! Optimized2.1. Procedure adjustmentFrom Discuz! X3 has added support for https, and if you use https to access the forum, the links in the forum will become https. If you find that most of the links already use https, it means that Discuz has automatically recognized it, and you can skip this step and go directly to the next step. Discuz uses $_SERVER['HTTPS'] to judge SSL, but due to my VPS architecture problem (nginx+php-fpm), it cannot be recognized this way, so I need to make some adjustments to the Discuz program (using $_SERVER['SERVER_PORT']). source/class/discuz/discuz_application.php (c. line 187): Find: - $_G['isHTTPS'] = ($_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) != 'off') ? true : false;
Modified to: - $_G['isHTTPS'] = ($_SERVER['SERVER_PORT'] == 443 || $_SERVER['HTTPS'] && strtolower($_SERVER['HTTPS']) != 'off') ? true : false;
uc_server/avatar.php (approx. line 13): Find: - define('UC_API', strtolower(($_SERVER['HTTPS'] == 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/'))));
Modified to: - define('UC_API', strtolower(($_SERVER['SERVER_PORT'] == 443 || $_SERVER['HTTPS'] == 'on' ? 'https' : 'http').'://'.$_SERVER['HTTP_HOST'].substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], '/'))));
After the modification, I updated the cache and found that most of the links became https. 2.2. Background settingsThere are also settings in the background that may interfere with the use of https In the background, the >webmaster > UCenter sets the > UCenter access address, which is modified to start with https UCenter > Application Management > The main URL of the application is modified to start with https In addition, some settings in the background > global > domain name settings may also invalidate https, if you have taken the previous steps and still cannot enable it, you can temporarily delete the settings here to try. 3. Clear the cacheAfter the settings are complete, you need to clear the cache for the settings to take effect. Clean the cache and memory cache, and if you set the post cache, you need to clean the cache in the database (empty the corresponding cache database, or wait for the cache to fail). At this point, Discuz https is successfully enabled, and of course, when accessing some pages, the lock may be crossed. Because other http content is loaded in the page. It may be statistics codes, QQ sharing codes, QQ show avatars, etc., which do not provide https protocol for the time being, so they cannot be enabled. Just wait for Discuz to further support https.
| 
Posted on 5/30/2015 11:42:13 PM
|
|
|
