This is the documentation for concrete5 version 5.6 and earlier. View Current Documentation

I'm hosting a Concrete 5.6 site with 1and1 and even though they do not provide a SSL certificate with my plan, they do provide what they call a "shared SSL encryption" wich is essentially a SSL proxy they supply for your domain.

You know your provider is routing you through a SSL proxy if the secure address they provide you with looks like https://ssl.theirdomain.com/yourdomain instead of http://yourdomain.com.

This option isn't great if you want your visitors to browse securely at any point (the address change might look suspicious and dissuade your users) but it does the trick if all you want is manage your site securely.

If you notice images are missing and links are broken when visiting your site via the SSL Proxy, open your config/site.php file and add the following lines:

    if ( @$_SERVER['HTTPS'] == 'on' || @$_SERVER['HTTP_X_FORWARDED_SERVER'] == 'ssl.theirdomain.net' ) {
    define('BASE_URL', 'https://ssl.theirdomain.net');
    define('REDIRECT_TO_BASE_URL', false);
    define('DIR_REL', '/yourdomain');
}

(this example assumes your secure address is "https://ssl.theirdomain.net/yourdomain", you will have to adapt the code above to respect your own address)

That did the trick for me.

For a bit of added security, you can add the same condition in you theme's footer to only display the login link when accessing the site from the SSL proxy.

Loading Conversation