How HTTP and HTTPS Work in WordPress

Published 15 November 2017 at https://affinite.io/cs/jak-funguje-http-a-https-ve-wordpressu/ (originally https://musilda.cz/?p=4541)

HTTP (Hypertext Transfer Protocol) is a protocol from the TCP/IP family, which means it can carry a wide spectrum of data: text, images, video and so on. It is what makes the internet as we know it possible. The server receives a request from the client computer, processes it and sends back a response. A more detailed description of how it works is not important here; today I will focus only on the first and last part of the communication.

Request and response

    Host: example.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: cs,en-US;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    Pragma: no-cache
    Cache-Control: no-cache

This, or something very similar, is the request your browser sends to the server. These are the so-called headers, in which the browser tells the server what kind of response it expects. And the response it gets back looks like this:

    Date: Tue, 14 Nov 2017 09:52:56 GMT
    Server: Apache/2.4.10 (Debian)
    X-Powered-By: PHP/7.1.0
    Link: <http://example.com/wp-json/>; rel="https://api.w.org/"
    Vary: Accept-Encoding
    Content-Encoding: gzip
    Content-Length: 17623
    Keep-Alive: timeout=5, max=100
    Connection: Keep-Alive
    Content-Type: text/html; charset=UTF-8

As you can see, the response is exactly what the browser expected, and the page is then displayed to you. Unfortunately this type of communication carries the risk of eavesdropping, the so-called man-in-the-middle attack: anyone who wants to can watch your communication.

Someone clever once had the idea that this communication could be encrypted. Sure: the server generates a certificate with a private and public key, and everything seems secure. But the problem has only moved one step further. The same type of attack can still be carried out, because nothing tells the browser whose key it is actually talking to; you just need a slightly more powerful computer.

And that is when HTTPS was born

At least in the form we use it today. Certificates are issued by certificate authorities, which is why they cost money. Fortunately there are a few ways to get a certificate for free, for example Let's Encrypt, and despite costing nothing there is nothing wrong with them at all. Such a certificate cannot be forged unless you compromise the company that issued it. And although such an incident has already happened, it is not exactly common practice.

So how does it actually work?

Very simply put, your computer sends a header with the request for the site and the technologies it supports. The server sends back its certificate and public key; the browser checks that the certificate was signed by a certificate authority it trusts, and from then on the computer uses that key to encrypt the data it sends. That is it: your communication is now encrypted and the data you send is safe.

What if it does not work?

Occasionally you will run into a site with an expired or broken certificate. It usually has some fallback, a self-signed one (a bad certificate, signed by itself, so you have no assurance that nobody is watching you). Usually it is enough to wait; someone will notice. Your browser will warn you about such a situation.

It is also possible that instead of a green padlock you see a yellow one. That means so-called mixed content: some parts of the site are secured and some are not. In theory it can mean the site has been compromised, but usually it is just carelessness on the owner's part and means nothing. Still, be careful if you are handing your data to such a site.
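The yellow padlock is easy to check for yourself. The following Python script is an added example, not code from the original post: it scans a constructed WordPress-style page for sub-resources that are still requested over http://, the usual leftover when a site moves to https without updating the URLs it stores (the example.com URLs and file names are made up).

```python
# Added example, not from the original post: a mixed-content scanner that lists
# the sub-resources an https page would still fetch over plain http.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that trigger a sub-resource fetch. Browsers block
# "active" content (scripts, styles, frames) and merely warn about "passive"
# content (images, media). <a href> is navigation, not mixed content.
RULES = {("script", "src"): "active", ("link", "href"): "active",
         ("iframe", "src"): "active", ("object", "data"): "active",
         ("img", "src"): "passive", ("audio", "src"): "passive",
         ("video", "src"): "passive", ("source", "src"): "passive"}

class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # <link> loads nothing unless it is a stylesheet (WordPress's rel='https://api.w.org/' link is never fetched)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower().split():
            return
        for (t, attr), severity in RULES.items():
            if t == tag and attrs.get(attr):
                url = urljoin(self.page_url, attrs[attr])  # resolves relative and // URLs
                if urlsplit(url).scheme == "http":
                    self.findings.append((severity, tag, url))

def find_mixed_content(page_url, html):
    """Return (severity, tag, url) for every sub-resource still requested over http."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("mixed content only applies to pages served over https")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings

# Constructed sample: a site moved to https while its database still holds
# http:// URLs for the theme stylesheet and one uploaded image.
SAMPLE_HTML = """<html><head>
<link rel='https://api.w.org/' href='http://example.com/wp-json/' />
<link rel='stylesheet' href='http://example.com/wp-content/themes/demo/style.css' />
<script src='//example.com/wp-includes/js/jquery.js'></script>
</head><body>
<a href='http://example.com/blog/'>Blog</a>
<img src='http://example.com/wp-content/uploads/photo.jpg'>
<img src='/wp-content/uploads/logo.png'>
</body></html>"""
```

Calling find_mixed_content("https://example.com/", SAMPLE_HTML) reports the stylesheet as active and the photo as passive mixed content, while the protocol-relative script, the relative logo and the plain link are correctly left alone.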

How to deploy HTTPS in WordPress?

There are two ways. Either you can use the WP Force SSL plugin, which enforces https even for links that run on http. Unfortunately this solution comes with a slight performance penalty and can cause other faults, most often an infinite redirect loop.

The second option is to do the work and rewrite all the links in the database from http to https. The easiest way is to use the Better Search Replace plugin and simply replace one with the other. Unfortunately this variant only helps you if your hosting can enforce a redirect to https. If not, you can try this .htaccess configuration:

    RewriteEngine On
    # Only rewrite requests that did not arrive over TLS
    RewriteCond %{HTTPS} !=on
    # Redirect to the same path on https; R=301 would make the redirect permanent
    RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

If you have a VPS or your own server, this problem usually does not arise.

Summary: HTTPS has been a big topic lately, but how the protocol actually works is usually unclear. In this article you will find a basic description and ways to use HTTPS in WordPress.