Thread

How can I put the admin side of EE under a secure connection? Notice, I already have SSL setup and working fine but if I try to load the admin page under it, the whole systems fails.

Pages itself work but not the admin. And I think its insecure to access the admin on side on plain text.

No reply? Really? I had the impression EE was secure, how can it be secure if administrators have to log via a non secure connections sending logins in plain?

ExpressionEngine should work ok with https. Are you getting any error message when you’re accessing your admin via https?

Yes, the pages, templates, etc all work fine under SSL.

Im talking about the administrator or control panel.

When I try to load it under SSL, its basically completely broken, it will not load the CSS, javascript and other data because it complains they run from insecure content.

Is there something you need to change in EE to run the control panel under SSL? I don´t think changing the main url would work because of course I don´t want to run all pages under SSL, just some of them and this mix works great. Some pages are secure, and some not, like normal websites. But the control panel should always be loaded under a secure url and I cannot achieve this.

I have the index.php hidden with the .htaccess instructions and administrator file is renamed just as the security instructions says.

This error seems to be related to the fact that EE tries to use the full url for loading that which would be a bug, it should use paths like /images, /themes, etc, so its not depend on the protocol loaded.

I don´t know why but I never go the control panel/admin side to be able to load under https

Have you set the cp_url parameter to https?

$config['cp_url'] = 'https://site.com/system/index.php';

http://devot-ee.com/ee-config-vars

Where is that because I surely looked before?

Under admin, general configuration the only paths and urls are for:
URL to the root directory of your site
URL to your “themes” folder
Theme Folder Path

If I set those to SSL it breaks the site, and it would not make sense since the sites pages do work under SSL. A setting only for the CP makes sense but where is that? And if this exists, im impressed that its not anywhere in the documentation. I use EE for over a year and I surely looked for a setting to only specify the CP url.

Granted im not an expert in EE but I could not find this in the Ellis Lab documentation either and this is very basic. To run admin side secured.

Is this in the config file which I need to edit directly? Because Devot EE is for addons which I purchased before, so it would not even make sense why this info is not in the official Ellis Lab but is on an external site. I assume the setting is officially supported without mods or addons correct?

It would be nice if someone instructs what needs to be changed in your installation, all settings to have the CP run under “https”, even is it requires manual tweaks or file edits I have no problems with it but my question is where is this information or how to guide? I don´t think I would be the first person asking this so it should be published somewhere.

Sorry I forgot to explain. You have to add that line into the system/expressionengine/config/config.php file.

Thank you Ralph, I changed it to “https” there but it did not made any difference.

What is strange is that the

$config[‘base_url’] = ‘’;

There is blank. Which is rather strange.

That $config[‘index_page’] = “”; is also blank, but on purpose since I followed the EE instructions to remove the “index.php” with .htaccess

Hmm. It could be a problem with the theme_folder_url. Maybe set it so it’s relative, modify or add the following line in config.php:

$config['theme_folder_url'] = '/themes/';

It actually complains about everything.

Images, CSS (from themes), and Javascript.

It gives the error that this content is being loaded from an insecure place. The theme does have a fixed http url but in the admin GUI.

Is it normal to have this setting blank in the config file?

URL to your CodeIgniter root. Typically this will be your base URL,
| WITH a trailing slash:

EDIT:

$config[‘theme_folder_url’] = ‘/themes/’;

Did the trick. Did not tested this extensively, but at first look its loads everything fine now.

How do I buy you a beer?

No problem, glad I could help.