AtoM 2.9.0 - user login page redirecting to https

[lib-s...@unbc.ca]

I'm having an issue with the user login process on a new server and install of AtoM 2.9.0. The site in general is working fine via http, but when I try to log in it redirects to an https page. This is a problem, because nginx is not currently configured to serve the site via https. How can we stop the https redirect and log in via http?

Further details which may or may not be relevant:

• Old server (AtoM 2.8.2) is working fine. It serves site via https, with a redirect in the nginx config
• New server is only set up with the default http (port 80). The plan is to move the server behind our f5 BIG-IP load balancer and let it handle the https.
• http access to the new server is locked down via firewall, accessibly only by a limited set of IPs for administration and testing purposes.
• We have exported the AtoM database from the old server, and imported it successfully to the new server.

Any guidance that can be offered would be appreciated.

Thanks,

David

[lib-s...@unbc.ca]

More info:

I've done my best to eliminate the browser being responsible. I'm getting the same behaviour in Edge, Chrome and Firefox, also using Private/Incognito browser tabs. I've tried adding the site to the "Allowed to show insecure content" setting in Chrome, and tried adding it to the HTTPS-Only Mode setting in Firefox (set to "Off").

Here's an example entry from the nginx access.log file:

<IP Redacted> - - [02/Apr/2025:11:01:00 -0700] "POST /index.php/user/login HTTP/1.1" 302 253 "http://lib-atom-0p05.unbc.ca/user" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/135.0.0.0 Safari/537.36"

It's redirecting from /user to /index.php/user/login, but I don't see anything that would suggest a redirect from http to https there.

David

[Dan Gillean]

Hi David, 

Any chance that your site might have had this setting enabled?

• https://www.accesstomemory.org/docs/latest/user-manual/administer/settings/#require-ssl-for-all-administrator-functionality

If you want to check (and if it is enabled, disable it until you set up HTTPS), here are some SQL queries that can help: 

• https://www.accesstomemory.org/docs/latest/admin-manual/maintenance/common-atom-queries/#sql-disable-ssl

If that's not it, then it's likely more technical than I have suggestions for, so hopefully others might chime in with ideas. Good luck!

Dan Gillean, MAS, MLIS
Business & User Experience Analyst
Artefactual Systems, Inc.
604-527-2056

he / him

--
You received this message because you are subscribed to the Google Groups "AtoM Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ica-atom-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/ica-atom-users/1e18063a-84c7-4545-b6a2-d4e2c9287b69n%40googlegroups.com.

[lib-s...@unbc.ca]

That was it, thank you Dan!

I also had to restart services after making the sql edit, for the change to take effect. Not sure which one specifically. Just nginx didn't cut it, so then I did mysql, elasticsearch, php8.3-fpm.service and memcached, and now I am able to log in without getting the unwanted redirect.

Thanks again!