Kirby inserting non-secure URLs after upgrade

I have been using Kirby in a docker container that was generated from a v3 release in early May of this year (don’t have confirmation of the precise version, but it was downloaded as part of building the docker container on May 4th). The site operates over HTTPS.

After re-generating the docker container today (with latest Kirby release) and running it, I am now getting mixed content errors as Kirby is inserting http rather than https URLs for linked items such as CSS/JS and page links.

Was there some change in the last few months to the way URLs are generated that might be causing this? A quick search through the release notes on GitHub didn’t highlight anything immediately.


AFAIK Kirby doesn’t force HTTPS. You have to config this on the webserver.

Thanks Bart. That’s the puzzling thing - I have HTTPS configured and am specifically connecting to the site via HTTPS in this instance. Yet Kirby continues to insert non-secure links into the templates with the upgraded version.

I do also have HSTS configured on apache inside my docker container. However, this does not avoid the browser taking issue with the non-secure links.

I even tried adding the following in my config.php file, noting some comments about this in other threads.

'ssl' => true

The ssl setting doesn’t exist anymore in Kirby 3.

To my knowledge, handling of URLs wasn’t changed in recent releases.

1 Like

@rixy Have you managed to work around this? I’m having the same issue. Everything is set up to work over https but all links to pages and files are rendered as http by Kirby.

Isn’t there a way to force Kirby to use https? I’ve tried explicitly defining a url in the config, as well as booting Kirby with a specific URL:

$kirby = new Kirby([
    'urls' => [
        'index' => ''

echo $kirby->render();

Both options don’t work.

Kirby just takes what is configured by your server. Are you also in a Docker context? What is your server configuration/htaccess setting? Have you made sure that you are not loading stuff from cache?

I’ve got a Dokku server, which is compatible with Heroku. So I’m using Heroku’s official PHP buildpack. Everything is pretty much configured as default, except for the file upload sizes for PHP.

While Dokku uses Nginx as the default web server, the PHP buildpack uses Apache inside a Docker container. That’s what I can tell from the Procfile:

web: vendor/bin/heroku-php-apache2 -i custom_php.ini

That’s where the problem is, I think. The proxied Apache service isn’t running on port 443 but port 5000.

I’m now brute-forcing the output to use https, but it isn’t pretty. :slight_smile:

echo preg_replace('/http:/', 'https:', $kirby->render());

Being able to configure this would be great.

@wout… I have good news and bad news… it seems I did solve this eventually since my site is behaving properly, but for the life of me, I cannot recall how :frowning:

If I can get to the bottom of it, I’ll let you know. My site does need some attention at present as I have to clear the cache often in order to fix some unexplained errors with page rendering, so perhaps I’ll stumble upon the solution again!

1 Like

@rixy Thanks for your reply. If you happen to come across the solution, I’d be happy to hear how you did it.