
Enable Proxy and Force SSL problems #11193

Closed
jo-sf opened this issue Jul 19, 2016 · 6 comments

Comments

@jo-sf
Contributor

jo-sf commented Jul 19, 2016

With the current Joomla code (I think it came first with Joomla 3.6) there exists a check whether the server can be accessed via HTTPS (see administrator/components/com_config/model/application.php). This works fine if you don't have a proxy configured (for certificate problems see PR #11189).

But if you configured a proxy and this proxy is enabled, you're probably no longer able to activate HTTPS either for the backend or for the entire site. Whether this still works depends upon whether this proxy allows itself to be contacted by the server where Joomla runs and serves pages from this server. In most cases this will not be the case.

If you need a proxy within your Joomla setup and if you want to activate HTTPS you currently need to follow this procedure:

  • disable the proxy
  • save configuration
  • activate HTTPS (administrator only/entire site)
  • save configuration
  • enable the proxy
  • save configuration

I checked whether any internal option exists for curl (libraries/joomla/http/transport/curl.php) that allows disabling the use of a configured proxy for a single request, but I didn't find any. Maybe such an option would help in making the HTTPS activation easier when a proxy is configured.

@andrepereiradasilva
Contributor

I think that change was made in this PR: https://github.com/joomla/joomla-cms/pull/9584/files. Please check.

@andrepereiradasilva
Contributor

I can't test this, but I think you could add a check whether the proxy is enabled, to bypass the HTTPS check in that scenario.
Something like

&& (int) JFactory::getConfig()->get('proxy_enable', '0') !== 1

in https://github.com/joomla/joomla-cms/blob/staging/administrator/components/com_config/model/application.php#L122

@jo-sf
Contributor Author

jo-sf commented Jul 19, 2016

@andrepereiradasilva

PR #9584, which is by the way already merged into the current code, contains the code that checks whether HTTPS is available when "Force SSL" shall be enabled. But this PR doesn't deal with the fact that a proxy might be set in the global configuration.

I don't think it is a good idea to disable the HTTPS check as you suggested if a proxy is set. I thought more of a way to disable using the proxy if it is set, and this would mean the following change:

administrator/components/com_config/model/application.php, line 130:
currently:

$options->set('transport.curl', array(CURLOPT_SSL_VERIFYPEER => false));

new:

$options->set('transport.curl', array(CURLOPT_SSL_VERIFYPEER => false, CURLOPT_PROXY => null, CURLOPT_PROXYUSERPWD => null));

In the file libraries/joomla/http/transport/curl.php it is first checked whether a proxy is configured (lines 170 ff.), and later on all custom transport options passed in "transport.curl" will be added to the curl options array (lines 183 ff.). In doing so the CURLOPT_PROXY and CURLOPT_PROXYUSERPWD settings will both be overwritten with NULL which effectively disables using the proxy server configured.


This comment was created with the J!Tracker Application at issues.joomla.org/joomla-cms/11193.
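
The override order described in the comment above, as an added example that is not part of the thread or of Joomla's code: proxy options are taken from the global configuration first, and the per-request options are merged afterwards, so the probe's entries win. `buildCurlOptions()` and the sample values are constructed for illustration, and the configuration key names other than `proxy_enable` are assumptions.

```php
<?php
// Added illustration, not Joomla's code. buildCurlOptions() is a hypothetical
// helper; config keys other than proxy_enable are assumed names.

function buildCurlOptions(string $url, array $config, array $overrides = []): array
{
    $options = [
        CURLOPT_URL            => $url,
        CURLOPT_NOBODY         => true, // the probe only needs a response, not a body
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => 10,
    ];

    // Step 1: apply the globally configured proxy, if it is enabled.
    if ((int) ($config['proxy_enable'] ?? 0) === 1) {
        $options[CURLOPT_PROXY] = $config['proxy_host'] . ':' . $config['proxy_port'];

        if (!empty($config['proxy_user'])) {
            $options[CURLOPT_PROXYUSERPWD] = $config['proxy_user'] . ':' . $config['proxy_pass'];
        }
    }

    // Step 2: merge per-request options last, so they replace step 1's values.
    foreach ($overrides as $key => $value) {
        $options[$key] = $value;
    }

    return $options;
}

// Constructed sample configuration with the proxy enabled.
$config = [
    'proxy_enable' => 1,
    'proxy_host'   => 'proxy.example.internal',
    'proxy_port'   => 3128,
    'proxy_user'   => 'svc-joomla',
    'proxy_pass'   => 'constructed-password',
];

// An ordinary request keeps the proxy; the HTTPS probe nulls both proxy keys.
$normal = buildCurlOptions('https://www.example.org/', $config);
$probe  = buildCurlOptions('https://www.example.org/', $config, [
    CURLOPT_SSL_VERIFYPEER => false,
    CURLOPT_PROXY          => null,
    CURLOPT_PROXYUSERPWD   => null,
]);

// The keys stay in the probe's array with null values; $config is untouched.
var_dump($normal[CURLOPT_PROXY], $probe[CURLOPT_PROXY], array_key_exists(CURLOPT_PROXY, $probe));
```

Because the probe also sets `CURLOPT_SSL_VERIFYPEER` to false, a successful result shows only that the server answers over HTTPS, not that its certificate was issued by a known CA.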

@andrepereiradasilva
Contributor

If that works, good. Fine by me.

jo-sf added a commit to jo-sf/joomla-cms that referenced this issue Jul 19, 2016
Suggested code change from PR joomla#11193 moved to this PR
@jo-sf
Contributor Author

jo-sf commented Jul 19, 2016

I moved the code change suggested above to PR #11189 since having configured a proxy might also cause the HTTPS check to fail.

@andrepereiradasilva
Contributor

ok please close this issue as we already have a PR.

@jo-sf jo-sf closed this as completed Jul 19, 2016
roland-d pushed a commit that referenced this issue Jul 27, 2016
* Force SSL Check might fail

When setting the force SSL option the check might fail if the common name in the server's HTTPS certificate doesn't match the host name used in accessing the server. If it is fine to disable the check whether the certificate was issued by a known CA (by setting CURLOPT_SSL_VERIFYPEER to false) it should be fine too to disable the check for the right common name in the certificate. Both checks might and probably should be delegated to the user.

* Code style change

Blank line before comment added

* Do not use proxy when checking HTTPS

Suggested code change from PR #11193 moved to this PR

* line too long, wrapped

* Code style change