<div dir="ltr">This is helpful.<div><br></div><div>I looked on PmWiki for documentation on how to set PmWiki up for HTTPS, but if there is anything there its not easy to find.</div><div>(see for example <a href="http://www.pmwiki.org/wiki/PmWiki/Security">http://www.pmwiki.org/wiki/PmWiki/Security</a>)</div><div><br></div><div>Could you please add a documentation page on this subject, and also an OOTB option (e.g. a config.php seting [$enablehttps=1;]) for installing PmWiki</div><div><br></div><div>thanks</div><div><br></div><div>Simon</div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div>____<br><a href="http://kiwiwiki.nz" target="_blank"><font size="1">http://kiwiwiki.nz</font></a></div></div></div></div>
<br><div class="gmail_quote">On 20 February 2017 at 00:06, Petko Yotov <span dir="ltr"><<a href="mailto:5ko@5ko.fr" target="_blank">5ko@5ko.fr</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Sometimes the Apache rewrite engine is a pain to use and debug.<br>
<br>
You can easily do the redirection from within config.php, near the top of it:<br>
<br>
if($UrlScheme == 'http')<br>
Redirect($pagename, "<a href="https://www.yourwiki.net" rel="noreferrer" target="_blank">https://www.yourwiki.net</a>".$_S<wbr>ERVER['REQUEST_URI']);<br>
<br>
I'd use "<a href="http://www.yourwiki.net" rel="noreferrer" target="_blank">www.yourwiki.net</a>" instead of $_SERVER["HTTP_HOST"] in order to redirect people who went to "<a href="http://yourwiki.net" rel="noreferrer" target="_blank">yourwiki.net</a>" to the host that has "www." in front (better for search engines to have a single hostname).<br>
<br>
<br>
<br>
Depending on your audience it may not be suitable to redirect everyone to the HTTPS website.<br>
<br>
I've recently worked with a large public organization with thousands of users that may use a wiki both with their own devices, and with the computers of the company that only have MSIE 6 to 8 as a web browser. Windows XP and other older operating systems do not support the new free "Let's Encrypt" certificates and users of these cannot open the secure wiki.<br>
<br>
What I ended up doing is use JavaScript to perform the redirect, only for the browsers that are able to open the HTTPS connexion.<br>
<br>
In your document root, place such a file named redirect-to-https.js:<br>
<br>
// Written by Petko Yotov (c) 2016 <a href="http://www.pmwiki.org/petko" rel="noreferrer" target="_blank">www.pmwiki.org/petko</a><br>
var currenthref = window.location.href + '';<br>
var newhref = currenthref.replace(/^http:/i, 'https:');<br>
if(currenthref != newhref) window.location.href = newhref;<br>
<br>
In your config.php, place these lines instead of the ones I gave earlier:<br>
<br>
if ($UrlScheme == 'http') $HTMLHeaderFmt['redirect-to-ht<wbr>tps'] =<br>
'<script type="text/javascript" src="<a href="https://www.yourwiki.net/redirect-to-https.js" rel="noreferrer" target="_blank">https://www.yourwiki.net/<wbr>redirect-to-https.js</a>"></script<wbr>>';<br>
<br>
The JS file instructs the browser to replace the current unsafe connexion with the secure one.<br>
<br>
The config.php code only includes the JS file in the HTML source if the protocol is "http".<br>
<br>
If a browser opens an insecure page, it will try to load the JS file. If it is able to load it, that means it is able open the secure connexion and it gets immediately redirected.<br>
<br>
If an older browser cannot open the secure connexion, it will be unable to load the JS file so it will ignore it and display the (insecure) page, as PmWiki will happily serve it. This is a lesser problem than a large group of the intended audience being unable to reach the wiki.<br>
<br>
In case you have a modified $ScriptUrl variable, use $UrlScheme in it instead of "http" or "https":<br>
<br>
$ScriptUrl = "$UrlScheme://<a href="http://www.yourwiki.net/" rel="noreferrer" target="_blank">www.yourwiki.net<wbr>/</a>";<br>
<br>
Petko<div class="HOEnZb"><div class="h5"><br>
<br>
<br>
On 2017-02-14 16:21, <a href="mailto:kirpi@kirpi.it" target="_blank">kirpi@kirpi.it</a> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
It seems that there is an ongoing trend towards having our whole<br>
websites reachable only through the https protocol.[1][2]<br>
Thus, I am now in the (not so straightforward) process of switching<br>
from http to https.<br>
<br>
As far as I can understand, the whole process could be split in two parts:<br>
1) Enabling https for the domain. - After this step the whole the<br>
website is reachable through both ports 80 (HTTP) and 443 (HTTPS);<br>
2) Forcing (all) the connections to use https, as opposed to plain http[3]<br>
<br>
In my case, I am on a cheap shared hosting, with limited flexibility.<br>
Nonetheless step 1 has been completed and I am now able to reach my<br>
website with both http and https.<br>
The second step seems now the trickiest.<br>
I set these lines towards the top of my root .htaccess file,<br>
<br>
RewriteEngine On<br>
RewriteCond %{HTTP:X-Forwarded-Proto} !https<br>
RewriteCond %{HTTPS} off<br>
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_<wbr>URI} [L,R=301,NE]<br>
<br>
which seem[4] to take care of the thing. And indeed, as far as I can<br>
see, all the http connections result now as https.<br>
Nonetheless I have some issues, one of which is related to the<br>
ShortUrl[5] recipe.<br>
I have<br>
RedirectMatch ^/s(.*)$ /S/$1<br>
just above the "RewriteEngine On" line, as well as<br>
$ShortUrlPrefix = '<a href="https://example.com/s" rel="noreferrer" target="_blank">https://example.com/s</a>';<br>
in <a href="http://config.it" rel="noreferrer" target="_blank">config.it</a>, but I keep on getting "This site can’t be reached" from<br>
the browser whenever I type a short url in.<br>
Alternatively, I get a message from Pmwiki: ShortUrl error: can't read code map.<br>
And the url appears to change into something like<br>
<a href="https://www.example.com/S/x" rel="noreferrer" target="_blank">https://www.example.com/S/x</a> (which did not happen before).<br>
<br>
Reading on the web, it seems that many different things might create<br>
issues in the http/https switch, from cookies to more esoteric<br>
subtleties.<br>
Does anybody know where the issue might be in this very case, please?<br>
<br>
Thanks!<br>
<br>
Luigi<br>
<br>
--------<br>
[1] "You should always protect all of your websites with HTTPS, even<br>
if they don’t handle sensitive communications. Aside from providing<br>
critical security and data integrity for both your websites and your<br>
users' personal information, HTTPS is a requirement for many new<br>
browser features..."<br>
<a href="https://developers.google.com/web/fundamentals/security/encrypt-in-transit/why-https" rel="noreferrer" target="_blank">https://developers.google.com/<wbr>web/fundamentals/security/encr<wbr>ypt-in-transit/why-https</a><br>
[2] "There’s pretty broad agreement that HTTPS is the way forward for<br>
the web..."<br>
<a href="https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/" rel="noreferrer" target="_blank">https://blog.mozilla.org/secur<wbr>ity/2015/04/30/deprecating-<wbr>non-secure-http/</a><br>
[3] I am adopting an .htaccess approach as opposed to suggestions<br>
found at <a href="http://www.pmwiki.org/wiki/Cookbook/SwitchToSSLMode" rel="noreferrer" target="_blank">http://www.pmwiki.org/wiki/Coo<wbr>kbook/SwitchToSSLMode</a> as I<br>
would like to switch all the website to https:<br>
[4]<br>
<a href="http://stackoverflow.com/questions/26620670/apache-httpx-forwarded-proto-in-htaccess-is-causing-redirect-loop-in-dev-envir" rel="noreferrer" target="_blank">http://stackoverflow.com/quest<wbr>ions/26620670/apache-httpx-<wbr>forwarded-proto-in-htaccess-<wbr>is-causing-redirect-loop-in-<wbr>dev-envir</a><br>
[5] <a href="http://www.pmwiki.org/wiki/Cookbook/Bloge-ShortUrl" rel="noreferrer" target="_blank">http://www.pmwiki.org/wiki/Coo<wbr>kbook/Bloge-ShortUrl</a> running very<br>
well since many years.<br>
</blockquote>
<br>
______________________________<wbr>_________________<br>
pmwiki-users mailing list<br>
<a href="mailto:pmwiki-users@pmichaud.com" target="_blank">pmwiki-users@pmichaud.com</a><br>
<a href="http://www.pmichaud.com/mailman/listinfo/pmwiki-users" rel="noreferrer" target="_blank">http://www.pmichaud.com/mailma<wbr>n/listinfo/pmwiki-users</a><br>
</div></div></blockquote></div><br></div>