SSL but browser showing insecure content

[bzdevil]

I've been trying to make Prestashop work properly with SSL but I keep getting warnings about insecure content. This is a fresh default installation of Prestashop v1.5.4.1. You can check the site here:

 

https://www.qempo.co...ashop/index.php

 

SSL is forced on the webserver (nginx, not Apache). Also, PS_SSL_ENABLED is set to 1 in the database. I haven't changed anything else in the config nor added modules, altered templates, etc. Plain vanilla install, yet it doesn't work properly with SSL. There's a bunch of images sent via HTTP instead of HTTPS. In SEO & URL, SSL domain and shop domain are the same (www.qempo.com).

 

No matter what I do, it keeps showing partial content via HTTP. Mainly product images are being shown via HTTP.

 

 

I've read plenty of documents but so far I'm unable to pinpoint the source of this problem. I thought that with a default install I wouldn't see the issue but it's there.

 

Please advice.

Edited June 18, 2013 by bzdevil (see edit history)

[bzdevil]

nvm, fixed the problem adding this to nginx.conf

 

fastcgi_param HTTPS on;

[misu3108]

Just wanted to say thanks for fixing this. I had same issue with my store 1.4.8.2 and nginx

[clickerror]

I am having the same issue. I already have this
 

                # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                # With php5-fpm:
                fastcgi_pass unix:/var/run/php5-fpm.neo.sock;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param           HTTPS                   on;

 

but still not workng.. would you mind posting your sample config here. That would be a great help.

 

[vekia]

im affraid that it's not a case of configuration but a case of how prestashop generates links to contents like css / js / img

what ps version you use? what theme?

[clickerror]

Thanks for the response Vekia. I figured it out. To answer your question, we are using our own theme. Its now using the https header for all internal links.     I just need to clean up the external links that uses http. All are good now.

[bzdevil]

This is our config and its working now:

 

  server {
    listen xxx.xxx.xxx.xxx:443;
    ssl on;
    ssl_certificate /etc/nginx/ssl/server_combined.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
    server_name www.server.com;
    root /var/www/html/server;
    index index.php index.htm index.html;
    access_log /var/log/httpd/access_server_log main;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param HTTPS on;
    include fastcgi_params;

    location / {
      try_files $uri $uri/ /index.php?q=$uri&$args;
    }
 
    location ~ \.php$ {
      fastcgi_pass unix:/var/run/nginx2.sock;
    }
 
    location ~* \.(css|js|gif|jpg|jpeg|ico|png|swf)$ {
      access_log off;
      expires max;
    }
  }

Edited July 31, 2014 by bzdevil (see edit history)

[vekia]

Thanks for the response Vekia. I figured it out. To answer your question, we are using our own theme. Its now using the https header for all internal links.     I just need to clean up the external links that uses http. All are good now.

 

so it's related to some custom contents as i suspected! 

[clickerror]

I pretty much solve the https part except on iframe. It seems it still using the http protocol. How do i force iframe to get the https one? This is when I try to see quick view (overlayed iframe) a product.

Thanks in advance.

Edited August 28, 2014 by clickerror (see edit history)