Gantry Template and HTTPS issues

[Mike McMullen]

Hello,

I'm working on implementing HTTPS across my site, since CloudFlare has seen fit to offer it freely. Why not take advantage of it, right?

The problem I'm having is this - when viewing the site via HTTPS, none of the relatively linked items call via HTTPS. They all attempt to load via HTTP - this results in all of the stylesheets and JS being blocked from loading.

This ONLY affects the parts of the site running "AfterBurner2" template (a Gantry Joint from RocketTheme) - the Admin, my phpBB forum, etc all work over HTTPS. Their relatively linked items display without issue, calling from HTTPS.

After a week or two of trying to chase this down, all I can think is that the template - or Gantry - is somehow at fault here. I notice, for example, that the HEAD contains a "base href" that is set to HTTP, as well as Canonical links with the same setup.

I've tried setting Force SSL, and changing the Live Site variable to HTTPS, and this does not change the behavior at all. No matter what I try, it seems to try to pull these items via HTTP.

The easiest way to understand is to check it out - You can see it here: https://www.curecoin.net

Visit without HTTPS to see how it should look. Inspect the HEAD and you'll see the problem.

Am I missing something incredibly obvious? I tried searching around the web, but I can't find anything relevant and recent that explains it. Nothing (well, nothing from the template) is linked as "http://" - it's all "/template/whatever/thing.css".

Thanks in advance, just in case someone is clever enough to point me in the right direction.

-Mike, CureCoin.net

[Mike McMullen]

Anyone have any thoughts? The more I look into it, the more it seems like the Base Href is the issue, but I don't know how/where Gantry generates this. And if I find it, how to change it to resolve the issue.

[patrick]

Hi,

You can take a look at your .htaccess
There is : RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Try to modify this to RewriteRule .* - [E=HTTPS_AUTHORIZATION:%{HTTPS:Authorization}]

or try somethink like :

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

[Mike McMullen]

Hi Patrick,

Thanks! I have some questions, if you don't mind.

I don't have an .htaccess active in the public_html folder - I have a blank .htaccess, and an htaccess.txt which contains the HTTP_AUTHORIZATION you mention.

Should I bring these lines to the active .htaccess, and if so, should I be setting up both HTTP and HTTPS lines (to allow both to work)?

I'd like to be able to retain either/or access, particularly while I troubleshoot the remaining issues.

.htaccess has always been something that no matter how much I use it and learn of it, it still confuses me a bit.

Mike

[patrick]

The htaccess.txt is installed with Joomla.

You can delete the existing .htaccess and rename htaccess.txt to .htaccess.

After that, you can edit it and try to modify  the HTTP_AUTHORIZATION

Patrick

[Mike McMullen]

Hi Patrick,

I tried this, but there's no change. The same behavior occurs - the CSS etc. attempts to load via HTTP, not HTTPS.

I tried a straight redirect (per your second option) but that resulted in an infinite redirect loop for some reason. I do have .htaccess entries in the server user's root, which is probably related to that.

RewriteEngine On

# www rewrite

RewriteCond %{HTTP_HOST} ^(www.)?curecoin.net$ [NC]

RewriteCond %{REQUEST_URI} !^/~curecoin/

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ /~curecoin/$1

RewriteCond %{HTTP_HOST} ^(www.)?curecoin.net$ [NC]

RewriteRule ^(/)?$ ~curecoin/index.php [L] 

#root rewrite

RewriteCond %{HTTP_HOST} ^curecoin.net$ [NC]

RewriteCond %{REQUEST_URI} !^/~curecoin/

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ /~curecoin/$1

RewriteCond %{HTTP_HOST} ^curecoin.net$ [NC]

RewriteRule ^(/)?$ ~curecoin/index.php [L] 

#index.php remove

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule ^(.*)$ /index.php?/$1 [L]

Could these be the reason for the fault in the first place, somehow? Like I said, I'm fuzzy on .htaccess sometimes, I could easily have screwed this up myself. It's just that the only thing not working is the Gantry based template, that's what lead me towards that as the culprit.

A quick Google shows this as a recommended structure for a WWW redirect (for example):

RewriteCond %{HTTP_HOST} !^$ 

RewriteCond %{HTTP_HOST} !^www\. [NC] 

RewriteCond %{HTTPS}s ^on(s)| 

RewriteRule ^ http%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

I see there's the additional selector for HTTPS - if that's the key to this, I'll feel a bit silly.

Mike

[Mike McMullen]

Okay, well... After a while, .htaccess seemed to be the wrong way to look at it. 

I looked around some more, and decided that the Base Href was DEFINITELY the issue. So I found head.php in the Joomla Libraries, and commented it out.

Instantly, the pages all work. 

I have no idea why that was not working right (generating an HTTPS base href), but... this seems to work. Taking care of a stray module issue, then SSL looks like it will be up and running.

So I guess it Wasn't Gantry after all! Just Joomla.