Pre-requisites for Installation:
You should have configured the web server that is serving your phpBB board to support the https:// protocol. There are plenty of resources on the web for helping with this. I recommend the free SSL certificates from
https://letsencrypt.org.
You also should have access to an SSL image proxy server. Depending on your server configuration this may be installed on the same server that runs your forum, or maybe a different server.
The SSL image proxy will usually be a camo proxy. A later post in this topic will give some hints on the installation and configuration of camo proxy, but this is not a support forum for that software.
This extension also supports another mode of operation called 'Simple Mode' which allows operation with a commercial service (cloudinary.com) which can act as an SSL proxy. That service may be useful for testing or for those who cannot, or do not want to, configure their own SSL proxy server. Other commercial or free SSL proxy services may be available.
Installation:
You can install this on the latest release of phpBB 3.1 by following the steps below:
- In the `ext` directory of your phpBB board, create a new directory named `phpbb` (if it does not already exist) and navigate to it
- `git clone git@github.com:phpbb-extensions/camo-ssl-image-proxy.git`
- Navigate in the ACP to `Customise -> Manage extensions`.
- Look for `Camo SSL Image Proxy` under the Disabled Extensions list, and click its `Enable` link.
Configuration for 'Camo Mode':
This applies if you are using a camo proxy.
- Navigate in the ACP to 'Extensions -> Camo SSL Image Proxy -> Configure'.
- Ensure that 'Camo Mode' is selected and that 'Image Proxy Enable' is selected
- Enter the proxy address (without protocol specifier or trailing /) e.g. mydomain.com/camo
- Enter the camo API key (as applicable)
Configuration for 'Simple Mode':
This applies if you are using an alternate proxy.
Note that the proxy url generated is of the form: https://myproxydomain/prefixoriginalstrippedurlmysuffix, where originalstrippedurl is the original image url with the leading http:// stripped off.
- Navigate in the ACP to 'Extensions -> Camo SSL Image Proxy -> Configure'.
- Ensure that 'Simple Mode' is selected and that 'Image Proxy Enable' is selected
- Enter the proxy address myproxydomain/prefix (without protocol specifier) e.g. res.cloudinary.com/abcdefg/image/fetch/http://
- Note that the leading http:// will be stripped off of the original image link, so should be added here if needed.
- Enter any string to be appended to the url mysuffix as the camo API key (or leave it blank)
Configuration of directly mapped domains:
To save load on the proxy server, some domains (which must themselves support the https:// protocol) can be configured so that image files hosted on those domains can be directly fetched by rewriting the image url from http:// to https://
- Navigate in the ACP to 'Extensions -> Camo SSL Image Proxy -> Configure'.
- Add your sites domain(s) to the Directly Mapped Domains list (without protocol specifier or trailing /) e.g. mydomain.com
- Add any other domain known to support https:// (limit 200 entries)
Note that there is a small additional processing overhead for each domain in the list, so it is recommended to only add a few domains that are commonly used for remote hosting of images on your board.
Enable or Disable 'locations':
'Locations' are phpBB template variables which are scanned by this extension to find insecure image urls to remap.
The locations list includes 'core' locations which are part of the phpBB distribution, and always enabled. There are also pre-defined locations for other extensions that are known to this extension. These are disabled by default, but should be enabled if you have the corresponding extension installed.
If a phpBB board is running other extensions (especially those that display avatars), it may be that the standard dataset of this extension needs to be augmented with extra 'locations'. This can be done automatically using 'Training Mode'.
Each location (except for the predefined core locations) may be enabled or disabled. A disabled location is still in the database, but http:// urls in that location will not be remapped. This is mostly used for testing purposes.
Automatically Training the extension for extra 'locations' (recommended):
In 'Training Mode' This extension scans the template data structures (after rewriting known insecure url locations) and if it finds any, it adds them to the database itself. In Training Mode, any disabled locations will be automatically re-enabled when a resulting insecure image url is detected.
Training mode only operates when pages are loaded by users with admin permissions.
As an admin, you will see training mode operate when you will load a page (e.g. for a newly installed extension) and see that it has mixed content warnings. The first loading of the page (in training mode) will train this extension, and a page refresh should show that the viewed page is now secure.
Configuring extra 'locations':
You can manually add extra template locations for this extension to search. You will probably need some developer knowledge and perusal of the extension source code to find the correct values to add for any particular extension. It is probably best to ask here first.
To add a 'location' fill in the 3 fields and click the 'Add Location' button at the right hand enc of the row.