This guide is based on recommendations for deploying Kohana to production: http://docs.kohanaphp.com/installation/deployment
- Set your cookie domain - this restricts cookies to being accessed only by your domain
Edit application/config/cookie.php and change the following line to your domain name (without the www):
Example:
- Enable HTTPS / SSL
- Purchase a valid SSL certificate (many hosting companies can do this for you, or try a major provider like verisign.com)
- You need a valid certificate, not a self-signed cert or your users will get a big scary warning the first time they access your site.
- Install the SSL certificate on your server (again - many hosting companies can do this for you)
There are many guides online for how to install SSL certificates, and companies that sell certificates often provide install instructions.
- Set site protocol to https
Edit application/config/config.php and change the following line:to
- Set SECURE flag on cookies - this restricts cookies to only be accessed over SSL.
Edit application/config/cookie.php and change the following line:to
- Delete the installer
- The installer is a potential security vulnerability.
- While we try our best to make sure it can't be exploited, the installer should be deleted once your deployment is up and running.
- Delete the entire installer/ directory and its contents.
- Set your encryption key (since Ushahidi 2.5 this is done automatically in the installer)
Edit application/config/encryption.php and change the following line:
Your encryption key should be at least 16 characters long and contain letters, numbers, and symbols.
(Do not use a hash as your key. This significantly lowers encryption entropy.)
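The checklist above can be verified after deployment. The following is an added example, not part of the original guide or of Ushahidi's code: the function names are hypothetical, and the cookie header, domain and key values are constructed samples. It checks that installer/ is gone, that a Set-Cookie header carries the Secure flag and the expected domain, and that an encryption key follows the rules above.

```python
import os
import re
import string

def installer_present(root):
    """True if the installer/ directory still exists under the deployment root."""
    return os.path.isdir(os.path.join(root, "installer"))

def cookie_issues(set_cookie, expected_domain):
    """Check one Set-Cookie header value for the Secure flag and Domain attribute."""
    attrs = {}
    for part in set_cookie.split(";")[1:]:          # skip the name=value pair
        name, _, value = part.strip().partition("=")
        attrs[name.lower()] = value.strip()
    issues = []
    if "secure" not in attrs:
        issues.append("Secure flag missing")
    domain = attrs.get("domain", "").lstrip(".").lower()
    if domain != expected_domain.lower():
        issues.append("Domain is %r, expected %r" % (domain, expected_domain))
    return issues

def key_issues(key):
    """Check an encryption key against the guide's rules."""
    issues = []
    if len(key) < 16:
        issues.append("shorter than 16 characters")
    classes = {
        "letters": any(c.isalpha() for c in key),
        "numbers": any(c.isdigit() for c in key),
        "symbols": any(c in string.punctuation for c in key),
    }
    issues += ["no " + name for name, ok in classes.items() if not ok]
    # Hex strings of MD5/SHA-1/SHA-256 length look like a hash used as a key.
    if re.fullmatch(r"[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64}", key):
        issues.append("looks like a hex hash")
    return issues

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    print(installer_present("."))
    print(cookie_issues("session=abc123; path=/; domain=.example.com", "example.com"))
    print(key_issues("5f4dcc3b5aa765d61d8327deb882cf99"))
```

Capture the Set-Cookie header from a response of your own site (for example with your browser's developer tools) and pass it to cookie_issues together with your domain name without the www.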
5 Comments
ignas
I cannot access admin accounts after installing SSL, regular accounts however work, any ideas?
Robbie Mackay
Hi Ignas, That's a very odd issue I've never seen before. Can you describe what you changed to set up SSL? Also, what happens when trying to login as an admin now? -R
itsme
Hi, what if I want to remove the security warning of SSL from the admin area? I don't want SSL; can anybody help with removing that yellow message?
Public Intelligence Project
But how do you delete the installer? It doesn't actually give instructions on how to do so (unless I didn't see them).
Robbie Mackay
Public Intelligence Project There should be a directory called 'installer' in the base of your installation. Remove that.