SSL and OXID Backend interface problems

Good day,

Kārlis K. here with few slight problems with the OXID CE eCommerce package setup.

I’ll start off with the OXID enviroment setup:
[B]Operating System:[/B] [I]Windows Server 2008 R2 (fully operational with all the latest available updates installed)[/I]

[B]Web publishing server:[/B] [I]Internet Information Services 7.5[/I]

[B]IIS7.5 Role Services installed:[/B] [I]All HTTP Common Features; CGI Application Development(as Required for PHP); All Health and Diagnostics features (with an exception of ODBC Logging feature); All security role service features installed(except Client Certificate Mapping Auth. and IIS Client Certificate Mapping Auth.note: currently only anonymus authentication enabled and in use for websites); Static and Dynamic content compression features(Dynamic content compression to be used in near future for Microsoft IIS SmoothStream); IIS Management console feature(as required for managing IIS7.5);[/I]

[B]Additional IIS7.5 addons installed:[/B] [I]URL Rewrite Module(as required to meet OXID Apache mod_rewrite requirement); IIS Search Engine Optimization Module(not yet configured or in use);[/I]

[B]Installed Software:[/B] [I]PHP 5.3.2 x86 Non-Thread Safe (standard setup with few additional extensions installed that are required for phpBB forum package and MySQL note: phpBB not yet set up or in use); MySQL Community Server 5.1.48 Full x86 64-bit; Microsoft Visual C++ 2008 x64(as required for PHP5.3); Zend Server CE [PHP 5.3] 5.0.1;[/I]

[B]Websites:[/B] [I]Website #1 - OXID WebShop package for temporary use until Website #2 is ready for use(user interface currently operational and accessable, admin panel experiencing problems of being accessable only from local network); Website #2 - Contains phpmyadmin(fully functional) and OXID WebShop package for final web shop(currenly OXID is still being installed, setup experiencing SSL related problems); Website #3 - Zend interface;[/I]

[B]OXID version:[/B] [I]OXID Community Edition 4.3.2 27884[/I]

As for OXID setup: All Prerequisites and requirements during setup were met; Shop over all functional and accessible;

And now about the backend interface problem: During setup the OXID was set up using server’s local IP as ShopURL address because of the physical setup on the local network(IIS bindings also were set to Local IP), but the ShopURL was set to the FQDN web address. After Setup completion Config.inc.php was modified so that ShopURL was Local IP address so that Admin Panel would be accessible and few modifications could be made(those were: some currencies were removed and some added due to regional location where the shop will operate, active countries list was modified) from the local network … after that was done ShopURL in Config.inc.php was set back to FQDN(as well as the IIS binding) and shop end-user was informed that he is now able to use the admin panel to add his products. After a while the end user messaged back that he is unable to access the admin and that web browser is timing out not being able to access “http://192.168../” i double checked the Config.inc.php as well as the IIS website binds and confirmed that ShopURL indeed is set to FQDN and not Local IP …

As for the SSL problem: the OXID package during setup refuses to meet mod_rewrite when IIS7.5 Site SSL bindings are used, when SSL is not set as a mandatory in the IIS7.5 console and setup is being run trough http:// not https:// mod_rewrite requirement is detected as met but as no modifications are made and the setup is being tried to complete using https:// mod_rewrite shows up as red again…

I hope i didnt forget to menton anything, but if i did just ask for info.

  • Kārlis K. -

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

[B]EDIT:[/B] Shifted the website setup to get the OXID Backend admin interface working for the end-user - Website #1 [I]removed[/I] and replaced by Website #2 which i set up the same way i previously did with Website #1 except i did not change the ShopURL in the Config.inc.php after the installation was complete, there for Admin Panel is accessible from the outside … shop package and the admin panel are working(without the SSL for the moment tho).

So im not going to change anything in this website ShopURL settings for the moment until i find out why this happens because this isnt the first time Admin Panel becomes inaccessible from outside network because the Shop AdminURL is stuck on Local IP instead of FQDN written in Config.inc.php

Also, heres how i shifted the website #2:

[I]Created a new MySQL Database user and database for the user(to be able complete Database data import … no demodata tho);

Installed OXID eCommerce CE package on my Website #2 with all the requirements met and setup completely complete(including the “remove Setup folder” and modding the file perms);

Removed the Website #1 from IIS7.5 Console(not accessible + the binds assigned wouldnt be taken and there for could be reassigned without any errors);

Modified Database info in Config.inc.php to use the old data set up during Website #1 installation[/I]

End-User confirmed that the Admin Panel is accessible and usable

  • Kārlis K. -

Anyone mind taking a look at this? The problem is back again … once you try to administrate the shop from outside the local network your connection times out because the Admin panel Shop url for some reason sets itself to 192.168.1.***

Ok. I try.

Really I don’t know any about the IIS.

Some general hints for oxid-problems:

  • clean the ./tmp folder
  • disable all modules (admin->shopconfig->system->modules)
  • try the ‘basic’ template
  • perhaps clean the tables oxseo and oxseohistory… (make a db-backup before, of course)

…but maybe, you should change your style of posts.

The most Oxid users are german… and you write a lot of english text.
Maybe it helps, if you only list the really neccessary infos. And give a short description about what not work.

…or if you are a coder kiss (keep it simple and stupid) princip.

And now about the backend interface problem:

and shop end-user was informed that he is now able to use the admin panel to add his products. After a while the end user messaged back that he is unable to access the admin

The user never access to admin?

… being tried to complete using https:// mod_rewrite shows up as red again…

Where? In the Backend? I think its not accessible… or you make a new install?

Did mod_rewrite work?
You can see it, if you can navigate in the frontend.

  • There a lot of problems to check mod_rewrite. Eg. a htaccess password for this folder.
    However, if mod_rewrite in general work, all should be fine. Then you have only a incorrect error-message in the backend.

Really

Yes, i believe i over flooded the post with too much information …

Anyhow the problem with the backend seems to appear each time i set the page bindings to 192.168.1.*** to access it … at the moment i fixed the problem like i said before - i reinstalled the page keeping the SQL database data unharmed. To access the backend i have set up two websites - website #1 is the actual live website accessible from internet trough websites FQDN (website binds are the FQDN) and website #2 which is set to be accessible only from local network trough local IP address.

As for SSL problems … the setup itself doesnt want to detect mod_rewrite when the setup is being run using https:// instead of http:// there for i cannot install OXID using SSL

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

[B]EDIT:[/B] Talking about the website access, there are only two persons who have any kind of advanced access to the shop - its me and the other person who i call the end-user because he is the person selling the products and owner of the actual shop, and im only providing the website and support.

As for the shop theme, i am allready using the basic theme … i even removed some of the things i tought overcomplicated the shop structure(i removed only things related to front-end and that could not have been disabled in admin panel).

As for SSL problems … the setup itself doesnt want to detect mod_rewrite when the setup is being run using https:// instead of http:// there for i cannot install OXID using SSL

Ok. Now I understand, the problem is that you wanna install oxid via https.

I don’t have a free ssl server/port, so i only can guess what happen.

./setup/oxsetup.php


    public function getDefaultPathParams()
    {
        // default values
        $aParams['sShopDir'] = "";
        $aParams['sShopURL'] = "";

        // try path translated
        if ( isset( $_SERVER['PATH_TRANSLATED'])) {
            $sFilepath = $_SERVER['PATH_TRANSLATED'];
        } else {
            $sFilepath = $_SERVER['SCRIPT_FILENAME'];
        }

        $aParams['sShopDir'] = str_replace( "\\", "/", $this->_extractPath( preg_split( "/\\\|\//", $sFilepath ) ) );
        $aParams['sCompileDir'] = $aParams['sShopDir'] . "tmp/";

        // try referer
        $sFilepath = @$_SERVER['HTTP_REFERER'];
        if ( !isset( $sFilepath ) || !$sFilepath ) {
            $sFilepath = "http://" . @$_SERVER['HTTP_HOST'] . @$_SERVER['SCRIPT_NAME'];
        }
        $aParams['sShopURL'] = ltrim( $this->_extractPath( explode( "/", $sFilepath) ), "/" );

        return $aParams;
    }

You see, the filepath will be changed here hardcoded to http.

… in the function install it locks for me, that the path will be calculated like you wanna


        $aParams["sShopURL"] = rtrim( $oUtils->getEnvVar( "BASE_URL_HOST" ), "/" );
        if ( ( strpos( $aParams["sShopURL"], 'http://' ) || strpos( $aParams["sShopURL"], 'https://' ) ) === false ) {
            $aParams["sShopURL"] = rtrim( $oUtils->getEnvVar( "BASE_URL_SCHEME" ), "://" )."://".$aParams["sShopURL"];
        }

I think, you need to check out the oxsetup.php (really actual I cant try with ssl).

Or, keep it simple.

Install without https and change after imediatly the connection of your database. Also edit the config.inc.php to the new database settings and activate https. Then login as admin (via ssl) and change also the shop-admin-password.
So all the dangerous datas you send during the install process are changed. The effect is, more or less the same. Maybe you have a advance and see, what ip-adress try to attack you with the (changed) correct data.

Or.
Install via local network twice and change in the config.inc.php just the defined url.

Remember, you only need to install once… So this work you only need to do once.

To access the backend i have set up two websites - website #1 is the actual live website accessible from internet trough websites FQDN (website binds are the FQDN) and website #2 which is set to be accessible only from local network trough local IP address.

I think, this is not the best solution. You need to maintenance 2 Websides.
Just give the config.inc.php a little more intelligence.
Here a example
So you only need one installation for more then one URL. The config.inc.php decides what URL will be currently used.

Of course, you should make this a little more exact (don’t allow every URL, only accept the two [only the local and the one http binding] you define).

Oh wow, the code:

...
        if ($_SERVER["HTTP_HOST"]=="nuet.biz") {
          $this->sShopURL     = 'http://dev.nuet.biz';
        } else {
          $this->sShopURL     = 'http://dev.xn--nt-xka.net';
        }
...

…this is [B]exactly[/B] what i needed … i did try something simillar but i believe i overcomplicated and it didnt work so i went with multiple website setup. Many thanks for that link :slight_smile: .

As for SSL ill have a closer look at what you said and see how it works out.

You now, that there is a small error? - Try to think about the subdomain, too.

...
        if ($_SERVER["HTTP_HOST"]=="dev.nuet.biz") {
          $this->sShopURL     = 'http://dev.nuet.biz';
        } else {
          $this->sShopURL     = 'http://dev.xn--nt-xka.net';
        }
...

Oh thats just a copypaste from the other topic what im using is

...
        if ($_SERVER["HTTP_HOST"]=="<FQDN>") {
          $this->sShopURL     = 'http://<FQDN>';
        } else {
          $this->sShopURL     = 'http://<Local IP>';
        }
...

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[B]EDIT:[/B]

Thanks again for taking a look at this and helping me out by pointing the right way, this is what im going with at the end:


          $this->sShopURL     = null;
if ($_SERVER["HTTP_HOST"]=="<FQDN>") {
          $this->sSSLShopURL     = 'https://<FQDN>';
	} else {
          $this->sSSLShopURL     = 'https://<Local IP>';
        }

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
[B]EDIT #2:[/B]

Code ended up being a bit 50/50 … for admin panel to work in SSL i did the same thing with “$this->sAdminSSLURL” and the final fully working code for me looks as follows:


        $this->sShopURL     = null;
if ($_SERVER["HTTP_HOST"]=="<FQDN>") {
        $this->sSSLShopURL     = 'https://<FQDN>';
	} else {
        $this->sSSLShopURL     = 'https://<Local IP>';
        }
if ($_SERVER["HTTP_HOST"]=="<FQDN>/admin/") {
        $this->sAdminSSLURL     = 'https://<FQDN>/admin/';
	} else {
        $this->sAdminSSLURL     = 'https://<Local IP>/admin/';
        }