Full SSL

[James101]

i wanna give my users a choice if they want to access the site with https or http?

How can i do that?

[Rhett]

38 minutes ago, priyesh.mehta94@gmail.com said:

i wanna give my users a choice if they want to access the site with https or http?

How can i do that?

You have to run the site under one url, you can use https or http but you can't have both I'm afraid. So in this case you can't give them the option and it's something you would set the site up as you see fit.

[Makoto]

1 hour ago, priyesh.mehta94@gmail.com said:

i wanna give my users a choice if they want to access the site with https or http?

How can i do that?

There's really no reason your users should not want to use HTTPS if they actually understand the differences between the two.

[abobader]

Hi @Makoto

When we switch to https, now imgur tag now working, the settings are:

http://(www.)?imgur.com/a/([\d\w-_]+?)$

 

<iframe width="100%" height="550" frameborder="0" src="http://imgur.com/a/$2/embed"></iframe>

Thanks in advanced.

 

[abobader]

I forgot to add that we modify iframe to be:

<iframe width="100%" height="550" frameborder="0" src="https://imgur.com/a/$2/embed"></iframe>

But that did not work.

[Michael Napierala]

We have a Wildcard SSL that covers the main site and all of it's subdomain. The forum is installed as a subdomain. When I enable SSL on the main site and update the board url in the config to point to the https version, our forum breaks. Any page that we access is automatically redirected to the main site. Am I missing something here? Any help would be appreciated.

Thanks in advance.

[ABGenc]

@sadams101 I have switched one of my sites to https and did not do any changes to .htacess file. I have only changed site base url to https in conf_global.php and it was all done automatically 

[sadams101]

I did that and redirects do no work. Try taking out the "s" on one of your forum links and see if it automatically redirects to the same page with https. Mine definitely does not.

[AlexJ]

On 11/17/2014 at 6:04 PM, Makoto said:

HSTS only works when the client makes an initial HTTPS connection however, so it's not an alternative for permanent redirects.

Optimally, you should have your web server 301 redirect the user from HTTP pages to HTTPS pages, not just IP.Board. This will cause all static resources to be redirected as well. HSTS is added protection that will prevent the client from accepting connections over HTTP after a secure connection has already been established, HSTS headers are ignored over standard HTTP connections.

Add the following line to your Apache configuration (or root .htaccess file) to force HTTPS redirects,

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

Or if you're using Nginx,

server {
       listen         80;
       server_name    example.org www.example.org;
       return         301 https://$server_name$request_uri;
}

 

I tried to add the same rewrite rule and it causes redirect loop. I am not experience in rewrite so any help would be appreciated. Here is my current - rule - 

 

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /public/404.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

 

[IveLeft...]

10 hours ago, AlexJ said:

I tried to add the same rewrite rule and it causes redirect loop. I am not experience in rewrite so any help would be appreciated. Here is my current - rule - 

 

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /public/404.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

 

@AlexJ Add this to the end before IfModule

# all http to https

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

 

So you get

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /public/404.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# all http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</IfModule>

 

[AlexJ]

On 2/5/2017 at 9:25 AM, Muddy Boots said:

@AlexJ Add this to the end before IfModule

# all http to https

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

 

So you get

<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /public/404.php [NC,L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# all http to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</IfModule>

 

Here my website link - http://fearless-assassins.com

I managed to get redirect working through cloudflare re-write option but I don't want to use cloudflare since it's making forum slow. As soon as I add your rewrite option - I again get too many redirect error. Not sure what's wrong. 

I use IP.Content as default application and everything is under \public_html\ folder. 

[IveLeft...]

If i go to your website and put in Http:// your website - it redirects to https:// your website ?

 

[ABGenc]

Is there a specific reason for you to play with .htacess ?

When I have changed one of my sites from http to https, the only thing I had done for redirection was to change the following config in conf_global.php

from

$INFO['board_url']			=	'http://www.mysite.com';

to

$INFO['board_url']			=	'https://www.mysite.com';

All redirections were done by suite itself.

[AlexJ]

12 hours ago, Muddy Boots said:

If i go to your website and put in Http:// your website - it redirects to https:// your website ?

 

Nop it doesn't all the time. http://fearless-assassins.com/ - Just click and it will not go to HTTPS one. 

11 hours ago, ABGenc said:

Is there a specific reason for you to play with .htacess ?

When I have changed one of my sites from http to https, the only thing I had done for redirection was to change the following config in conf_global.php

from

$INFO['board_url']			=	'http://www.mysite.com';

to

$INFO['board_url']			=	'https://www.mysite.com';

All redirections were done by suite itself.

Somehow landing page is not redirected to https when someone opens up or lands on http://fearless-assassins.com/

[IveLeft...]

Every time i click and visit i always go the the https version, even if i type in http it redirects to https. You do have some non http content on your site though and firefox is showing a yellow ! warning.

[AlexJ]

7 hours ago, Muddy Boots said:

Every time i click and visit i always go the the https version, even if i type in http it redirects to https. You do have some non http content on your site though and firefox is showing a yellow ! warning.

hrm i am not sure then why it doesn't redirect me and users on my forums. I have tried clearing my browser cache and still no go for me. Not sure what's wrong. I believe HTTP content would be the images. I need to figure out some way to update all HTTP:// url to HTTPS:// in the database for all posts.

[ABGenc]

10 hours ago, AlexJ said:

hrm i am not sure then why it doesn't redirect me and users on my forums. I have tried clearing my browser cache and still no go for me. Not sure what's wrong. I believe HTTP content would be the images. I need to figure out some way to update all HTTP:// url to HTTPS:// in the database for all posts.

Your site seems to be 3.4.x. Some comments like mine might be 4.1 related and might mis-direct you. 

[sadams101]

Even this forum is getting warnings about security...I did have to tinker a lot to get mine to not give warnings.

PS - Does anyone know what happened to minify??? It is no longer working on my IPB4 board.

[Cyboman]

19 hours ago, sadams101 said:

Even this forum is getting warnings about security...I did have to tinker a lot to get mine to not give warnings.

Interesting, what did you tinker to not give any warnings? Warnings are not good for any business. Please let us know.

[sadams101]

In the case of this forum, for example, to emoticons are not being inserted with https. They are using  http://community.invisionpower.com/uploads/emoticons/smile.png