1 Jan 12, 2008 14:33    

My b2evolution Version: Not Entered

Hi folks --

I'm a b2e newbie, and also a recent arrival to the world of Linux servers, so would much appreciate any gentle answer that breaks it down for me, TIA!

I've just done my very first b2e installation (version 1.8), and have run into a snag that will not let me get beyond the post-install admin login form. The server runs CentOS 4.2 and it is a VPS that has Plesk installed. There is some kind of conflict between the way SSL is set up on this server and b2e's log-in URLs.

The installation went fine after I manually edited the _basic_config.php file according to the instructions. Now it's time to log in as "admin" with the random password created by the installer.

PROBLEM: I clicked the log in link at the bottom of the installer results page, which takes one to http://mysubdomain.mydomain.com:443/admin.php. An error page comes up saying:

Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.

So I try again using https://etc. Now the log-in form loads fine, but when I enter the un/pw and click the Log In! button, it calls a straight (non-secure) http url and my browser (Firefox 2) warns me: "Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection ..." I click the button to Continue, and get the "Bad Request" error again.

I have tried changing the SSL settings for the blog's subdomain via Plesk. Have tried:
1- disabling SSL support for the subdomain
2- enabling SSL support for the subdomain, with the "Use a single directory for housing SSL and non-SSL content" box checked
3- enabling SSL support for the subdomain, with the "Use a single directory for housing SSL and non-SSL content" box unchecked

these are the only 3 possible ways to configure SSL via Plesk (and I don't know enough about CentOS, Linux, or the CLI to know where else to turn) ... and I cannot get around the problem with any of these SSL configs applied to the subdomain

Apparently I can only access the site thru port 443 using https:// protocol.

Do I need to edit a template file somewhere, to make the admin login page submit an https:// URL?

thanks again,

kazar

2 Jan 12, 2008 20:28

http://domain:443/ makes no sense (as you see in the error).
https://domain:443/, would, but is the same as https://domain/ (443 is the default for https).

Try setting $htsrv_url_sensitive in /conf (_advanced.php if I remember correctly) to "https://domain/htsrv"
Then it should use that for e.g. the login form.
Unfortunately, this is not available in 1.8 yet probably.

If I understand correctly, it works without using https, correct?

3 Jan 12, 2008 21:27

blueyed wrote:

> http://domain:443/ makes no sense (as you see in the error).

I thought it didn't make sense either, but definitely hesitated to say so since I'm still dripping wet behind the ears with b2e. My only experience to date with php web apps is by doing minor mods on my phpbb forums. Yet it seems strange that after running the plain-vanilla install process, the link from the reply page for admin login has a http://domain:443/ URL. (I feel even less qualified to even suggest ... maybe ... just perhaps ... this is a bug? but then why is not everyone who installs 1.8 reporting it?)

I wonder what the installation code looks for when generating the base URL for admin login? I had a look at the db tables themselves and it does not appear to be a db value; least I couldn't find it. So it's a php "token" or whatever one calls it (pardon my raging ignorance), the kind of thing I'd edit in phpbb's lang_main.php file?

> https://domain:443/, would, but is the same as https://domain/ (443 is the default for https).

So then who/what added the port 443 specification to my URL? Again, all I did was run install.

> Try setting $htsrv_url_sensitive in /conf (_advanced.php if I remember correctly) to "https://domain/htsrv"
> Then it should use that for e.g. the login form.
> Unfortunately, this is not available in 1.8 yet probably.
>
> If I understand correctly, it works without using https, correct?

I can get the login form to load up ONLY if I use https OR if I delete :443 from the URL. But after entering un/pw values when I click the Log In! button on the form, the link it calls once again sends http (not s) thru port 443.

So is admin login usually done via https or not? (I would certainly prefer a secure connection for all log-ins if possible! even lower-level users)

And where did 443 come from? I did not install whatever package was available in Plesk's "Application Vault" because it was still a 0.9.x version. I downloaded 1.8, unzipped it and sftp'd it into my site, then ran install. The error came up requiring me to manually modify _config_basic which went fine. Somehow in that very straightforward process b2e interpreted something about my domain's setup as requiring port 443 perhaps?

anyhow, these are mostly rhetorical questions ... I have nothing in the blog yet so what i've done is taken down a copy of what was installed, then will remove it and install the 0.9 version via Plesk, and will compare config docs.

I will play with changing the URL as you suggest in _advanced.php.

Will post progress, and thank you so much,

kazar

4 Jan 12, 2008 21:44

I found the issue, the actual $baseurl was set to http://domain:443. This was in _basic_config.php, and I'd edited that page by pasting in exactly the block of text that the installer loaded into my browser and told me to copy in.

So this goes back to my theory that there is something in the setup of security on the (sub)domain because of Plesk, that caused the installer to add the 443.

Editing the $baseurl value makes log-in work.

Will investigate a bit more to see if I can solve why the installer created that strange URL ... when I have time, will post back.

thanks again, blueyed!

if i ever get really good at this, i hope to help others out some day on this project.

kazar

5 Jan 15, 2008 00:45

You've found a bug indeed. The code which "detects" $baseurl looks a bit wrong in this regard:


// Guess baseurl:
// TODO: dh> IMHO HTTP_HOST would be a better default, because it's what the user accesses for 
//       fp, please change it, if it's ok. SERVER_NAME might get used if HTTP_HOST is not given, but that shouldn't be the case normally.
$baseurl = 'http://'.( isset( $_SERVER['SERVER_NAME'] ) ? $_SERVER['SERVER_NAME'] : 'yourserver.com' );
if( isset( $_SERVER['SERVER_PORT'] ) && ( $_SERVER['SERVER_PORT'] != '80' ) )
  $baseurl .= ':'.$_SERVER['SERVER_PORT'];
$baseurl .= preg_replace( '#/install(/(index.php)?)?$#', '', $ReqPath ).'/';

It always uses "http://" as prefix, but will add e.g. 443, if you're installing through "https".

I'll add a TODO/comment to the code, because I'm not sure how to fix this best. You probably don't want "https" for your baseurl..
In the end, it's just a guess anyway, so.. ;)

If you want to make login etc now secure (using https), you just need to set $htsrv_url_sensititive accordingly now (if it's in 1.8).

Why are you not using 2.x or at least the latest 1.10.x?
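
One way to make the guess quoted in the post above scheme-aware, as an added example (not b2evolution's code and not written by anyone in this thread): the scheme follows the connection, the port is appended only when it is not that scheme's default, and the host name is validated before use. `guess_baseurl()` is a hypothetical helper and the inputs at the bottom are constructed.

```php
<?php
// Added example, not b2evolution code. guess_baseurl() is a hypothetical helper.

function guess_baseurl(array $server, string $req_path): string
{
    // PHP sets HTTPS to a non-empty value on TLS requests; some servers
    // (IIS) set it to "off" for plain HTTP, so treat that as not secure.
    $https = !empty($server['HTTPS'])
        && strtolower((string) $server['HTTPS']) !== 'off';
    $scheme = $https ? 'https' : 'http';

    // Depending on server configuration, SERVER_NAME can be derived from the
    // client's Host header, so accept only plain hostname characters.
    $host = isset($server['SERVER_NAME']) ? (string) $server['SERVER_NAME'] : '';
    if (!preg_match('/^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$/i', $host)) {
        $host = 'yourserver.com'; // same placeholder the quoted code falls back to
    }

    $baseurl = $scheme . '://' . $host;

    // Append the port only when it is not the default for this scheme.
    $port = isset($server['SERVER_PORT']) ? (int) $server['SERVER_PORT'] : 0;
    $default_port = $https ? 443 : 80;
    if ($port > 0 && $port !== $default_port) {
        $baseurl .= ':' . $port;
    }

    // Strip the installer path, as the quoted code does (dot escaped here).
    return $baseurl . preg_replace('#/install(/(index\.php)?)?$#', '', $req_path) . '/';
}

// Constructed sample inputs shaped like $_SERVER; no real host is involved.
$cases = [
    [['SERVER_NAME' => 'blog.example.com', 'SERVER_PORT' => '443', 'HTTPS' => 'on'], '/install/index.php'],
    [['SERVER_NAME' => 'blog.example.com', 'SERVER_PORT' => '80'], '/install/'],
    [['SERVER_NAME' => 'blog.example.com', 'SERVER_PORT' => '8080'], '/blog/install'],
    [['SERVER_NAME' => 'not a hostname!', 'SERVER_PORT' => '443', 'HTTPS' => 'on'], '/install'],
];
foreach ($cases as [$server, $path]) {
    echo guess_baseurl($server, $path), "\n";
}
```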

6 Jan 15, 2008 23:09

hi, blueyed! thanks for hangin' in here with me on this topic. This evening I'll be reinstalling from scratch and will letcha know how it goes.

I just did a folder-wide search on the string "$htsrv_url_sensititive" across the entire unzipped b2e 1.10 folder and it does not turn up anywhere. Are you sure this was not something added in later releases? I'd rather be using a stable release and as far as I could decipher the list of versions, 2.x is up to RC stage, not stable?

As for why I'd used 1.8, I guess I was confused by the versioning system used at b2e (not a complaint, I'm not a programmer so I'd presumed that if 2.2 is a "Beta" that 2.3 is not ready for prime time even tho' it does say "RC").

Would you recommend I use 2.3 instead?

kazar

7 Jan 17, 2008 00:07

Sorry, typo: it's $htsrv_url_sensitive

Yes, I recommend using 2.3 - especially when starting anew: you don't want to learn the old way skins work to re-learn it for 2.x (in case you want to customize it). But there are a lot of other reasons, too.

8 Jan 17, 2008 00:59

thanks, will do. I did end up getting the baseURL to configure itself properly with 1.10.x after deleting the entire domain and starting over. While I have not nailed down exactly what happened the first time 'round, I do believe it has something to do with Plesk CP options for serving SSL docs from a separate directory ("https_docs") or from the same directory as non-SSL pages ("http_docs"). Just typing in this info so if anyone ever does a forum search for Plesk, maybe I can help them out (feel free to PM me, Plesk victims)

Now, back to b2e, I will take your advice and start over w/2.3, thanks again. May Julia Roberts adopt all your orangutans :-D

kazar

