Jump to content

SSL


Elision Magazine
 Share

Recommended Posts

Im well aware of that, but what I'm wanting is it to be fully ssl, not just for logins. For example if you go to my main domain it automatically switches you to https due to the .htaccess config, so that any folder accessed it will automatically switch to https. However this doesn't work for sub domains unless you have a wild card, so i got a separate one because it would be cheaper, any who this still comes down to as if there is a way to do it through acp and have it use ssl on everything rather than just logins without using that one feature that only covers the login's. Huge thing for me especially is when people start using the commerce app.

Edited by IdleHub
Link to comment
Share on other sites

.

 

In NGINX there is this & I guess something similar must be there for Apache ..

 

    add_header Strict-Transport-Security max-age=31536000;
    return 301 https://$host$request_uri;

 

This is when it listens to port 80 (with the 301 redirect) .. if your browser reads this extra header it will lock itself only to HTTPS for your domain ..

 

.

Link to comment
Share on other sites

.htaccess

<IfModule mod_rewrite.c>

Options +FollowSymlinks
RewriteEngine on
RewriteBase /

RewriteCond %{SERVER_PORT} !^443$ 
RewriteCond %{HTTPS}  off 
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

</IfModule>

​Im aware of this, and unfortunately if i use this, it gives a loop direct and doesn't load a thing when you use certain things like register.

.

 

In NGINX there is this & I guess something similar must be there for Apache ..

 

    add_header Strict-Transport-Security max-age=31536000;
    return 301 https://$host$request_uri;

 

This is when it listens to port 80 (with the 301 redirect) .. if your browser reads this extra header it will lock itself only to HTTPS for your domain ..

 

.

​Im not too sure what nginx is but my host uses apache. Is there no way to make commerce atleast force use ssl.. I want the whole board to be but if I use the .htaccess some things don't load because of a loop.

Link to comment
Share on other sites

I believe http because Iv not changed any

​.

I configure my server with HTTPS from the beginning and making sure there is a forced redirect from HTTP to HTTPS .. before I even install IPS ..

If all that works .. then I start to install IPS ..

I don't believe there is any switch to do a global HTTPS or HTTP on the fly .. some pages it can only be forced like login and commerce checkout (and that's it)

If you are up to it .. start clean with HTTPS (include Google SPDY) and build your IPS on top ..

Otherwise I suggest you better send in a support ticket with "" I'm running HTTP and want to change to full HTTPS "" .. better do this then breaking your site ..

 

.

 

Link to comment
Share on other sites

If you are using 4.0, you don't need any fancy re-directs, it will pull the ulr as you have it in your config_global.php file.  If you are using 3.4.x then yes you can use htaccess to force this if needed. 

So configuring the config global will automatically make my board fully ssl? But having doing that will it conflict if the ssl setting through the login acp section is turned on?

Link to comment
Share on other sites

So configuring the config global will automatically make my board fully ssl? But having doing that will it conflict if the ssl setting through the login acp section is turned on?

​.

Yes it will become fully SSL and other settings in your ACP will be automatically set/locked ..

 

.

Link to comment
Share on other sites

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...