• Skip to main content
  • Skip to primary sidebar

How to use HTTPS in vBulletin 3x & 4x – Mixed Content Solution

Reading Time: 3 mins. Posted on January 22, 2017, last updated on April 27, 2020 .

How to enable SSL certificate or HTTPS for vBulletin and remove the mixed content warnings for the thread pages in vBulletin 3x or 4x

How to use HTTPS in vBulletin 3x & 4x – Mixed Content Solution

If a site is not on HTTPS, Chrome version 56+ will mark it as “not secure” for password and other sensitive information fields. In vBulletin 3.x and 4.x, using HTTPS is not out of the box.

Let’s make the vBulletin vBulletin 3.x and vBulletin 4.x over to HTTPS in 5 simple steps.

1. Install SSL Certificate for the domain

First, we need to install the SSL certificate for the domain. You can purchase an SSL and install it or can use Let’s Encrypt’s Free SSL provided your hosts offer it.

Once the SSL is installed for the domain, you should browse the forum of HTTPS. It shouldn’t throw a complete SSL warning but some part of the forum will load whereas others won’t.

2. Change Forum URL

Now login to the Admin CP and under vBulletin Options, we have Site Name / URL / Contact Details under which there is an option to set Forum URL. If it is http://yourdomain make it https://yourdomain

3. Change StyleVars

In vBulletin 3.x, unless you have changed to absolute image URLs, it is completely ok to skip this step.

Check under Styles & Templates > Style Manager > For your style from the drop-down edit Stylevars.

Make sure Image Paths for the vBulletin are either relative to the forum root or if they have an absolute path, it is HTTPS and not HTTP

In vBulletin 4.x typically the logo URL is often an absolute URL with HTTP instead of HTTPS. Ideally, it should not be the case.

Still, under Style Styles & Templates, for “Style Variables” check for the title image to make sure the path is either relative to the forum root or if they have an absolute path, it is https and not HTTP

4. Search vBulletin Templates for any HTTP://

Ideally, if your templates aren’t modified you can skip this step. However, if you have Google Analytics code or other Ad embeds for the HTTP domain, you need to replace them to be on the HTTPS domain.

Under Styles & Templates, there is an option to Search in Templates. Use the search to find any occurrence of HTTP URLs instead of HTTPS for images, CSS, or scripts and replace them with HTTPS.

5. Route Images Via Image Proxy Script

We have the design which includes CSS and JS and images change fairly easily. However, the issue will be for user content where images are embedded from other non-HTTPS based sites.

The solution is in two parts.

Part 1: Proxy PHP Script for Images

Here is a sample PHP proxy code using curl that can be used in vBulletin to route image embed URLs in posts through the proxy.

<?php
$salt = 'XXXX'; //Salt that was used to send hash param
$url = urldecode($_REQUEST['u']); // URL encoded parameter
if (!$url) die('Invalid Request.');
// We check hash to keep hackers out.
$hash = md5($salt.$url.$salt);
if ($_REQUEST['h'] != $hash) die('Invalid Request.');
//Start the Curl session
$session = curl_init($url);
curl_setopt($session, CURLOPT_HEADER, true);
curl_setopt($session, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($session, CURLOPT_TIMEOUT, 3);
curl_setopt($session, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($session);
list( $header, $contents ) = preg_split( '/([\r\n][\r\n])\\1/', curl_exec( $session ), 2 );
// Split header text into an array.
$header_text = preg_split( '/[\r\n]+/', $header );
// Cache for 10 days
header("Cache-Control: public, max-age=864000");
header("Pragma: public");
header('Expires: '. gmdate('D, d M Y H:i:s \G\M\T', time() + 864000));
// Propagate headers to response.
foreach ( $header_text as $header ) {
if ( preg_match( '/^(?:Content-Type|Content-Language|Set-Cookie):/i', $header ) ) {
header( $header );
}
}
echo $contents;
curl_close($session);
exit;
view raw imgproxy.php hosted with ❤ by GitHub

Create a PHP file and name it imgproxy.php in the root of the domain.

Part 2: Route IMG Tag to use Proxy for non-secure Images

For nonsecure IMG URLs, override the final url of the image to route through the above proxy. Make sure you are using the same secure salt and hashing to avoid any hacking attempts with the proxy.

In the Admin CP > Plugins & Products > Add New Plugin

Select the Hook Location as bbcode_img_match and Title as HTTPS for vBulletin add the following code in the Plugin PHP Code

<?php
//* Do NOT include the opening php tag above. Copy the code shown below.
$urlbits = parse_url($link);
$salt = 'XXXX';
if ($urlbits['scheme']!='https')
$link = '/imgproxy.php?u='.urlencode($link).'&h='.md5($salt.$link.$salt);
$retval = ($fullsize ? '<div class="size_fullsize">' : '') . '<img src="' . $link . '" border="0" alt="" />' . ($fullsize ? '</div>' : '');
view raw bbcode.php hosted with ❤ by GitHub

And make sure you have selected the plugin is active to Yes.

The above code assumes that you have uploaded the image proxy file to the server and named it as imgproxy.php in the root of the domain.

6. Check Other Paths

In some vBulletin forums, the smiley paths or avatar (Custom or built-in) paths are absolute paths. So when that user has a post in a thread, it may throw a mixed content warning. Make sure to check those paths for either relative URLs or have HTTPS-based URLs.

Also read:
Optimize vBulletin for Less Server Load & Better User Experience
Optimize vBulletin for Less Server Load & Better User Experience
How to optimize vBulletin 3.x and 4.x for less server load and provide fast loading site experience to members as well as guests.

7. Finally, Redirect HTTP to HTTPS

The vBulletin forum is now available on HTTP url as well as HTTPS url. It is good practice to redirect the HTTP version of the site to HTTPS using htaccess. Here is the simple code one can add right at the top of the htaccess file.

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
</IfModule>
view raw .htaccess hosted with ❤ by GitHub
You are Here: Home / CMS / How to use HTTPS in vBulletin 3x & 4x – Mixed Content Solution

About Shabbir Bhimani

Blogging Since 2009. If I can leave my high paying C# job in an MNC in the midst of global financial crisis of 2008, anybody can do it. @BizTips I guide programmers and developers to Start and Grow an Online Business. Read more about me here.

May I help You With ...

Upwork Proposal
Finding Clients
Start a Store
Start a Blog
 

Or Help Yourself ..

Primary Sidebar

About Shabbir Bhimani

Blogging Since 2009. If I can leave my high paying C# job in an MNC in the midst of global financial crisis of 2008, anybody can do it. @BizTips I guide programmers and developers to Start and Grow an Online Business.

Get in touch with me on LinkedIn or read more about me here.

Let me Guide You to Start and Grow your Online Business

Download my
FREE eBook NOW
to win more clients.
And it is not an annoying pop-up either

Additional menu

  • Twitter
  • Linkedin

BizTips

Shabbir Bhimani: Start and Grow an Online Business

  • Freelancers Start Here
  • Start An eCommerce Store
  • Start A Blog
  • About
  • Archive
  • Disclaimer
  • Contact
  • Glossary

2009 - 2023 All my content & images are licensed as Creative Commons.

WebTurtles LLP. LLPIN: AAL-5288. Hosted with Linode.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT