Redirect Problem after Installation?

Permalink 1 user found helpful
Hi everyone,

I have a Concrete5 site installed on my webserver that is working great, now I am ready to start a new site located in a different folder on the same server (under a different user). I am following the install procedures just as I did for my first site and all goes well, the installer passes all of its tests and tells me I am logged in as admin with a password that it randomly assigns to me.

However, when I click on "Continue to your site." the web browser hangs for a while and finally fails with this message...

"Firefox has detected that the server is redirecting the request for this address in a way that will never complete."

I can not find anything in the logs that indicates what might be happening (or I simply do not know which log to look at).

Does anyone have any idea where I might look for to resolve this problem?

Thanks in advance.

Roark Holz

 
ThemeGuru replied on at Permalink Reply
ThemeGuru
Check out your base url in the site.php it might be setup differently
roarkh replied on at Permalink Reply
Thanks for responding!

I double checked that file and it looks right to me, it definitely matches the syntax of my working site. I installed the new concrete site at "https://name.domain.org/concrete" (name.domain replaces the actual site name here since it is our staff intranet site and I would rather not publish the address).

This is the contents of the applicable part of site.php...

define('BASE_URL', 'https://name.domain.org');
define('DIR_REL', '/concrete');


The only different between this site and the one I was working on before is this is a secure site. Does that change the requirements for installation? Also, the site is password protected using a .htaccess file that is in the root directory of "https://name.domain.org". There are no rewrite rules in that .htaccess file however, just a reference to the password file. Just in case it may be part of the problem here is the output of that file (with a few changes for security purposes)...

AuthGroupFile /dev/null
AuthName "xxx Staff Site"
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user


Thank you so much.
roarkh replied on at Permalink Reply
I have made some progress solving this and thought I'd post here in case it helps someone else. I think my problem has something to do with how the DirectAdmin control panel software is configured to handle ssl directories.

Basically, each site on the server has a private_html folder where ssl files go and a public_html folder where regular files go. When I install Concrete5 in public_html everything works great, but when I install it in private_html (tried on 2 sites) it fails.

Directadmin also includes an option in the control panel to replace the private_html folder with a symbolic link to public_html. This allows you to keep all your files in public_html. If I use this option to enable ssl everything seems to work just fine with Concrete5.
syborlab replied on at Permalink Best Answer Reply
syborlab
Hey I have figured out how to fix this problem. Although I'm still looking at what is causing the problem.

If you trace the connection you go:
index.php
concrete/dispatcher.php
concrete/startup/url_check.php

and that's where the problem can be worked around. The simple solution is just to change line 6 from
$protocol = 'http://';

to
$protocol = 'https://';


Obviously that's a workaround for the way that the if statement is being passed or failed. The whole loop is
if (REDIRECT_TO_BASE_URL == true) {
   $protocol = 'https://';
   $base_url = BASE_URL;
   if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = Config::get('BASE_URL_SSL'))) {
      $protocol = 'https://';
      $base_url = $base_url_ssl;
   }
   $uri = $_SERVER['REQUEST_URI'];
   if (strpos($uri, '%7E') !== false) {
      $uri = str_replace('%7E', '~', $uri);
   }
   if (($base_url != $protocol . $_SERVER['HTTP_HOST']) && ($base_url . ':' . $_SERVER['SERVER_PORT'] != 'https://' . $_SERVER['HTTP_HOST'])) {
      header('HTTP/1.1 301 Moved Permanently');  
      header('Location: ' . $base_url . $uri);
      exit;


There must be something with the constant REDIRECT_TO_BASE_URL.
I haven't investigated where that is set and what it's supposed to do but yes I replicated your problem and fixed it this way. There are a lot of things happening in dispatcher.php before it gets to the url_check.php line.

I'll post back if I figure the real fix out.

-
Brandt Milczewski
roarkh replied on at Permalink Reply
Thank you! This worked perfectly though I'm still unclear why it is necessary. Basically I expanded the Concrete5 files in the appropriate directory, made the modification you recommended above and ran the Concrete5 installer, as far as I can tell everything is working fine now.
andropov replied on at Permalink Reply
After searching the web and Concrete5 forums back and forth this solution finally fixed my redirect issues!
Thanks!

Probably this should be submitted as a Concrete5 bug...
Tom17 replied on at Permalink Reply
I had this problem yesterday when I installed Concrete5 for the first time. I have a 'sandbox' area on my dev box and I run it over SSL in a secure area.

When I saw the endless redirect loop, I dove into the code to find the problem and initially came up with the same solution that you did. This, of course, breaks non-ssl instances.

I think this may be a bug and the correct solution would be one of the following...

In concrete/startup/url_check.php
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = Config::get('BASE_URL_SSL'))) {

Here they are doing
Config::get('BASE_URL_SSL')
which I believe is a command to look up the value from the Config table in the database(Correct me if I am wrong on this). Looking in the database, there was no such value and these kinds of values were not in there at all. These types of config values are stored in the site.php config file.

As such, the (undocumented) value should be stored in there like so:
define('BASE_URL_SSL', 'https://your.domain.name');


And then modify the above line in concrete/startup/url_check.php as so:
if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = BASE_URL_SSL)) {


An alternative would be to modify the installer and store this value in the database, if that is truly where it is meant to be stored. It seems more logical to me that it be stored along with BASE_URL and this solution does that.

Should I submit this as a bug?

Thanks,

Tom...
Tom17 replied on at Permalink Reply
I should probably add that the installer should too be updated anyway...

I.e, if the site is installed over SSL, then the BASE_URL_SSL variable should be set in site.php as well as BASE_URL. This would be needed for a seamless SSL install with no manual file editing needed.

I have to say that this failed install was the first impression I got from Concrete5. I almost didn't bother continuing but curiosity got the better of me.

I can help with the code changes for this if needed :)

Thanks,

Tom...
zanedev replied on at Permalink Reply
zanedev
Right on Tom17 you were right on the mark, THANK YOU. I just tried taking a v5.5.0 site live that needed to be all ssl and none of the old methods listed in the forums worked. Adding the config value to site.php and changing that line did the trick. It must be a bug...

BTW, I tried adding it manually to the config table in the db and it didn't work, I had to add it to site.php and make the change you outlined.

Thanks again for saving my hours.
r1digital replied on at Permalink Reply
r1digital
There's a module on the marketplace that will force HTTPS connections.

http://www.concrete5.org/marketplace/addons/force-ssl/...

Hope it helps
roarkh replied on at Permalink Reply
Thank you for your reply. This seems like a good idea but I am not entirely sure how to install and setup a module if I don't first have a working Concrete5 installation. Is there a way to set this up even if I can not get to the Dashboard (or any other page) of my site?
toneytse replied on at Permalink Reply
I am using DirectAdmin for the hosting, And I got the same problem on Https web page with 5.5.1, but after install Force SSL, changing site.php and url_check.php. A single https page with Force SSL enable will not loop anymore.

site.php add below codes:
define('REDIRECT_TO_BASE_URL', false);
define('BASE_URL_SSL', 'https://www.domainname.com');
define('BASE_URL', 'http://www.www.domainname.com');
define('DIR_REL', '/web');


url_check.php change to below code:
<?php 
defined('C5_EXECUTE') or die("Access Denied.");
if (REDIRECT_TO_BASE_URL == true) {
   $protocol = 'https://';
   $base_url = BASE_URL;
   if (isset($_SERVER['HTTPS']) && ($_SERVER['HTTPS']) && ($base_url_ssl = BASE_URL_SSL)) {
      $protocol = 'https://';
      $base_url = $base_url_ssl;
   }
   $uri = $_SERVER['REQUEST_URI'];
   if (strpos($uri, '%7E') !== false) {
      $uri = str_replace('%7E', '~', $uri);
   }
   if (($base_url != $protocol . $_SERVER['HTTP_HOST']) && ($base_url . ':' . $_SERVER['SERVER_PORT'] != 'https://' . $_SERVER['HTTP_HOST'])) {
      header('HTTP/1.1 301 Moved Permanently');


jbx_force_ssl.php change to below code:
<?php   defined('C5_EXECUTE') or die("Access Denied.");
/**
 * A model triggered by the on_before_render() event to check whether the page
 * should be rendered using https and redirect as necessary
 *
 * @package JBx Force SSL
 * @author Jon Bowes <jon@jbxonline.net>
 * @category Model
 * @copyright  Copyright (c) 2010 JBxHosting Ltd. (http://www.jbxonline.net)
 * @license   http://www.jbxonline.net/license/...     MIT License
 *
 */
class JbxForceSsl {
    /**
    * Returns nothing.
dmeller replied on at Permalink Reply
Hi,

If anyone is still having issues like these, one thing to check is your webserver is making the https server variable available!

You can check by adding a php file with the following and hitting the file in your browser

<pre><!--make it pretty-->
<?php
//echo out the SERVER variable
print_r( $_SERVER ); 
?>
</pre>


You should see $_SERVER['https'] in the output. If not, you need to add it to your server header output.