Bitcoin Forum
August 18, 2019, 05:57:05 AM *
News: Latest Bitcoin Core release: 0.18.0 [Torrent] (New!)
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: ssl https need some help (solved thanks to HeRetiK)  (Read 198 times)
Vibez1Tv
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
November 22, 2017, 10:55:55 AM
Last edit: November 22, 2017, 12:35:35 PM by Vibez1Tv
 #1

i have some problems with http https :/

this is my website https://bitscasino.net   but it seems not to be safe when i browser it via chrome ?

i tried already

AddDefaultCharset UTF-8

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

DirectoryIndex index.php

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,QSA]
RewriteCond %{HTTP_HOST} ^bitscasino\.net$ [OR]
RewriteCond %{HTTP_HOST} ^www\.bitscasino\.net$
RewriteRule ^/?$ "https\:\/\/bitscasino\.net\/" [R=301,L]

in .htacces but not working any suggestions how i can fix this please  ?

CryptoFreaks
1566107825
Hero Member
*
Offline Offline

Posts: 1566107825

View Profile Personal Message (Offline)

Ignore
1566107825
Reply with quote  #2

1566107825
Report to moderator
1566107825
Hero Member
*
Offline Offline

Posts: 1566107825

View Profile Personal Message (Offline)

Ignore
1566107825
Reply with quote  #2

1566107825
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1566107825
Hero Member
*
Offline Offline

Posts: 1566107825

View Profile Personal Message (Offline)

Ignore
1566107825
Reply with quote  #2

1566107825
Report to moderator
1566107825
Hero Member
*
Offline Offline

Posts: 1566107825

View Profile Personal Message (Offline)

Ignore
1566107825
Reply with quote  #2

1566107825
Report to moderator
1566107825
Hero Member
*
Offline Offline

Posts: 1566107825

View Profile Personal Message (Offline)

Ignore
1566107825
Reply with quote  #2

1566107825
Report to moderator
Mountaingoat
Hero Member
*****
Offline Offline

Activity: 644
Merit: 500



View Profile WWW
November 22, 2017, 11:02:33 AM
 #2

Do you have Apache or NGINX?

If you use Apache follow the instructions on this website:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

If you use NGINX follow the instructions here:
https://serverfault.com/questions/250476/how-to-force-or-redirect-to-ssl-in-nginx

If you don't know which one you have go to a non existing page, it should tell you what you have.
NeuroticFish
Legendary
*
Offline Offline

Activity: 1946
Merit: 1276


There are no mistakes. Only opportunities wasted.


View Profile
November 22, 2017, 11:10:30 AM
 #3

If you don't know which one you have go to a non existing page, it should tell you what you have.

I've tried for OP a non existing page. It has shown "Proudly powered by LiteSpeed Web Server" Smiley
So I tried to seek for help with Google. I've searched for: force https site:litespeedtech.com
There are at least 2 links that could be of help:
https://www.litespeedtech.com/support/forum/threads/force-https-for-entire-domain.14495/
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:https-redirect

You have now the initial search query too in case the posted links didn't help.

Vibez1Tv
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
November 22, 2017, 11:59:48 AM
 #4

If you don't know which one you have go to a non existing page, it should tell you what you have.

I've tried for OP a non existing page. It has shown "Proudly powered by LiteSpeed Web Server" Smiley
So I tried to seek for help with Google. I've searched for: force https site:litespeedtech.com
There are at least 2 links that could be of help:
https://www.litespeedtech.com/support/forum/threads/force-https-for-entire-domain.14495/
https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:https-redirect

You have now the initial search query too in case the posted links didn't help.
Thanks for the tip. noticed the litespeed before but ive forget to look at it. checking it now hope this will work Smiley

CryptoFreaks
HeRetiK
Legendary
*
Offline Offline

Activity: 1204
Merit: 1111


the forkings will continue until morale improves


View Profile
November 22, 2017, 12:13:42 PM
 #5

Looking at the security warning and your HTML source the problem seems to lie not on your server, but on some of the elements that you are loading from external sites.

For example this image:
http://coinpot.win/assets/img/banners/728x90.gif

It's loaded via regular http, which causes your whole website to show up as potentially insecure. Now apparently coinpot.win doesn't support https, so you'll likely have to host the banner yourself.

There is also an iframe somewhere on your page that loads an external page via http. There might be even more, but I didn't fully look through it.

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:
//domain.com/path/to/resource.gif

instead of

Code:
http://domain.com/path/to/resource.gif

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.

Vibez1Tv
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
November 22, 2017, 12:34:46 PM
 #6

Looking at the security warning and your HTML source the problem seems to lie not on your server, but on some of the elements that you are loading from external sites.

For example this image:
http://coinpot.win/assets/img/banners/728x90.gif

It's loaded via regular http, which causes your whole website to show up as potentially insecure. Now apparently coinpot.win doesn't support https, so you'll likely have to host the banner yourself.

There is also an iframe somewhere on your page that loads an external page via http. There might be even more, but I didn't fully look through it.

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:
//domain.com/path/to/resource.gif

instead of

Code:
http://domain.com/path/to/resource.gif

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.
This was it! thanks allot fixed now i missed that one i placed direct in admin panel not in source code =)

CryptoFreaks
Vibez1Tv
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
November 22, 2017, 12:37:05 PM
 #7

Looking at the security warning and your HTML source the problem seems to lie not on your server, but on some of the elements that you are loading from external sites.

For example this image:
http://coinpot.win/assets/img/banners/728x90.gif

It's loaded via regular http, which causes your whole website to show up as potentially insecure. Now apparently coinpot.win doesn't support https, so you'll likely have to host the banner yourself.

There is also an iframe somewhere on your page that loads an external page via http. There might be even more, but I didn't fully look through it.

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:
//domain.com/path/to/resource.gif

instead of

Code:
http://domain.com/path/to/resource.gif

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.
and for mixed content issue what im doing wrong there ? is that the same protocol ? leave your btc wallet will send you a tip when im home

CryptoFreaks
HeRetiK
Legendary
*
Offline Offline

Activity: 1204
Merit: 1111


the forkings will continue until morale improves


View Profile
November 22, 2017, 01:49:12 PM
 #8

[...]

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:
//domain.com/path/to/resource.gif

instead of

Code:
http://domain.com/path/to/resource.gif

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.
and for mixed content issue what im doing wrong there ? is that the same protocol ? leave your btc wallet will send you a tip when im home

Unless one of the external sites you are referencing doesn't support https the above approach (ie. referring to source files with // instead of http:// ) should solve your mixed content issues. If you still come across a mixed content issue, double check your HTML source for http references.

Note: Links to external websites, for example a text link to http://www.google.com/ should be fine and not cause any errors.

Feel free to tip me BTC at: 14wcruSDsiwSyHSRoC4cAb4UqTAJdGSJ5V

Also feel free to PM me in case you have any further questions.

Vibez1Tv
Member
**
Offline Offline

Activity: 98
Merit: 10


View Profile
November 22, 2017, 02:09:19 PM
 #9

[...]

Word of advice: When loading resources (ie. images, iframe content, css files, js files, etc) refer to the url via:

Code:
//domain.com/path/to/resource.gif

instead of

Code:
http://domain.com/path/to/resource.gif

This way your browser automatically loads the resources via whatever protocol -- ie. https instead of http -- you are currently using.

Note that if the external site where you load the resources from doesn't support https you'll have to host it yourself -- or choose an external resource that does support https.
and for mixed content issue what im doing wrong there ? is that the same protocol ? leave your btc wallet will send you a tip when im home

Unless one of the external sites you are referencing doesn't support https the above approach (ie. referring to source files with // instead of http:// ) should solve your mixed content issues. If you still come across a mixed content issue, double check your HTML source for http references.

Note: Links to external websites, for example a text link to http://www.google.com/ should be fine and not cause any errors.

Feel free to tip me BTC at: 14wcruSDsiwSyHSRoC4cAb4UqTAJdGSJ5V

Also feel free to PM me in case you have any further questions.

Oke lets dig into the html and change all source to // without the https

tip earned will send it when im home im at work atm Smiley

CryptoFreaks
HeRetiK
Legendary
*
Offline Offline

Activity: 1204
Merit: 1111


the forkings will continue until morale improves


View Profile
November 22, 2017, 02:21:52 PM
 #10

Oke lets dig into the html and change all source to // without the https

tip earned will send it when im home im at work atm Smiley

Appreciated, thank you Smiley

The https:// references should be fine (although there's no harm done in switching those to // as well). It's the http:// references (without the "s" at the end) that you want to look out for.


Also once you've done this I would advise you to redirect http requests to the https version of your site, as mentioned in this post:

[...]

If you use Apache follow the instructions on this website:
http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

[...]


Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!