How do I force all users to access my site VIA SSL. Im aware of the htaccess trick, but is there a feature integrated through ipb? If not there should be

.

System > Login Handlers ..

my site is totally https so your setting can be little bit different, the slider should work ..

Mind that your SSL config on the server is all set.

 

 

.

Im well aware of that, but what I'm wanting is it to be fully ssl, not just for logins. For example if you go to my main domain it automatically switches you to https due to the .htaccess config, so that any folder accessed it will automatically switch to https. However this doesn't work for sub domains unless you have a wild card, so i got a separate one because it would be cheaper, any who this still comes down to as if there is a way to do it through acp and have it use ssl on everything rather than just logins without using that one feature that only covers the login's. Huge thing for me especially is when people start using the commerce app.

.htaccess

<IfModule mod_rewrite.c>

Options +FollowSymlinks
RewriteEngine on
RewriteBase /

RewriteCond %{SERVER_PORT} !^443$ 
RewriteCond %{HTTPS}  off 
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

</IfModule>

.

 

In NGINX there is this & I guess something similar must be there for Apache ..

 

    add_header Strict-Transport-Security max-age=31536000;
    return 301 https://$host$request_uri;

 

This is when it listens to port 80 (with the 301 redirect) .. if your browser reads this extra header it will lock itself only to HTTPS for your domain ..

 

.

.htaccess

<IfModule mod_rewrite.c>

Options +FollowSymlinks
RewriteEngine on
RewriteBase /

RewriteCond %{SERVER_PORT} !^443$ 
RewriteCond %{HTTPS}  off 
RewriteRule ^(.*)$ https://domain.com/$1 [R=301,L]

</IfModule>

​Im aware of this, and unfortunately if i use this, it gives a loop direct and doesn't load a thing when you use certain things like register.

.

 

In NGINX there is this & I guess something similar must be there for Apache ..

 

    add_header Strict-Transport-Security max-age=31536000;
    return 301 https://$host$request_uri;

 

This is when it listens to port 80 (with the 301 redirect) .. if your browser reads this extra header it will lock itself only to HTTPS for your domain ..

 

.

​Im not too sure what nginx is but my host uses apache. Is there no way to make commerce atleast force use ssl.. I want the whole board to be but if I use the .htaccess some things don't load because of a loop.

.

How are your friendly URL's look like all HTTP or HTTPS ?

 

.

 

 

I believe http because Iv not changed any

I believe http because Iv not changed any

​.

I configure my server with HTTPS from the beginning and making sure there is a forced redirect from HTTP to HTTPS .. before I even install IPS ..

If all that works .. then I start to install IPS ..

I don't believe there is any switch to do a global HTTPS or HTTP on the fly .. some pages it can only be forced like login and commerce checkout (and that's it)

If you are up to it .. start clean with HTTPS (include Google SPDY) and build your IPS on top ..

Otherwise I suggest you better send in a support ticket with "" I'm running HTTP and want to change to full HTTPS "" .. better do this then breaking your site ..

 

.

 

I believe http because Iv not changed any

​.

Use this to change your URL to total HTTPS .. I guess it can be done .. not sure though .. but it is all about your URL anyway ..

 

http://community.invisionpower.com/4docs/system-management/change-your-url-r96/

 

 

.

If you are using 4.0, you don't need any fancy re-directs, it will pull the ulr as you have it in your config_global.php file.  If you are using 3.4.x then yes you can use htaccess to force this if needed. 

If you are using 4.0, you don't need any fancy re-directs, it will pull the ulr as you have it in your config_global.php file.  If you are using 3.4.x then yes you can use htaccess to force this if needed. 

So configuring the config global will automatically make my board fully ssl? But having doing that will it conflict if the ssl setting through the login acp section is turned on?

So configuring the config global will automatically make my board fully ssl? But having doing that will it conflict if the ssl setting through the login acp section is turned on?

​.

Yes it will become fully SSL and other settings in your ACP will be automatically set/locked ..

 

.