Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Forcing everything to use https
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Forcing everything to use https

Hello all

How to make it so that nobody can have access to my website with out https?

Like this website for instance. I typed "lowendtalk.com" and when I lock in my browser address bar and when I look (hear) at it I see "https://www.lowendtalk.com/"

I am using ubuntu 16.04 with apache and my ssl is Letsincript

«1

Comments

  • Awmusic12635Awmusic12635 Member, Host Rep

    setup a redirect to https ?

  • By the dns? I tried that and firefox web browser was not happy.

    I am using namecheep.

    Or do you meen in apache itself?

  • saibalsaibal Member
    edited December 2017

    `

    . . .

        Redirect "/" "https://your_domain_or_IP/"
    
        . . .
    


    `

  • Strangely when I type "www.example.com" I get https,

    but when I type

    "example.com" I get no https

  • no, in the .htaccess file!

    RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

    https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

  • robohostrobohost Member
    edited December 2017

    add to .htaccess

    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Thanked by 2classy bersy
  • @robohost said:
    add to .htaccess

    RewriteEngine On
    > RewriteCond %{HTTPS} off
    > RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Just note that if your using CF, you should change to Full SSL mode first, or you will get redirection error

    Thanked by 3WSS classy Droidzone
  • doghouchdoghouch Member
    edited December 2017

    @saibal said:
    `

    . . .

        Redirect "/" "https://your_domain_or_IP/"
    
        . . .
    


    `

    What the hell is this? Format it properly, man.

    Plus, he can’t configure VirtualHosts anyway since he’s on a shared package with NC.

    Thanked by 1hammer
  • @doghouch
    I am actually using a vps. Should have said that in my first post.

  • Can't help with apache but if you decided to try nginx this should work.

    location / {    
        return 301 https://$host$request_uri;
    }
    
    Thanked by 1hammer
  • Thanks for suggestions so far. But like an ass, I made a perminant redirect in my basic dns in name cheep to https and even though I removed it it still seems to be active. It caused chaotic behaviour among the browsers.

    On google chrome it worked like a dream.

    On firefox it said the connection was not secure.

    On edge it used http.

    On safari (iphone) it also worked like a dream.

  • @hammer said:
    @doghouch
    I am actually using a vps. Should have said that in my first post.

    You're using a NC VPS? .... why?

  • @sanvit said:

    @robohost said:
    add to .htaccess

    RewriteEngine On
    > > RewriteCond %{HTTPS} off
    > > RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Just note that if your using CF, you should change to Full SSL mode first, or you will get redirection error

    Where do I put full ssl directive?

    @doghouch
    what is NC

  • @hammer NC = Namecheap

  • @hammer NameCheap

    You add that to the .htaccess file. It is located in the main directory of your site. Have to turn on show hidden files.

  • Btw, if you are using wordpress, you have to change the settings so wordpress knows you are https, otherwise your website will go haywire. I believe all you have to do is change your site url to the https address.

  • sanvitsanvit Member
    edited December 2017

    @hammer said:

    @sanvit said:

    @robohost said:
    add to .htaccess

    RewriteEngine On
    > > > RewriteCond %{HTTPS} off
    > > > RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    Just note that if your using CF, you should change to Full SSL mode first, or you will get redirection error

    Where do I put full ssl directive?

    @doghouch
    what is NC

    IF you are using CloudFlare proxy, it's on the CRYPTO section

  • @hammer Listen to sanvit. If you’re using CloudFlare (proxy enabled), you’ll get an infinite redirect when you add a redirect in your .htaccess.

  • hammer said: Thanks for suggestions so far. But like an ass, I made a perminant redirect in my basic dns in name cheep to https and even though I removed it it still seems to be active. It caused chaotic behaviour among the browsers.

    if you changed DNS entries/settings give it a moment to propagate correctly and make sure the old entries are not cached by provider/router/windows/browser whatsoever.

  • @smallbibi said:
    Btw, if you are using wordpress, you have to change the settings so wordpress knows you are https, otherwise your website will go haywire. I believe all you have to do is change your site url to the https address.

    @hammer if on WordPress... use this plugin
    https://wordpress.org/plugins/really-simple-ssl/

  • Also it's almost 2018 don't have www. In your redirect

    Thanked by 1nobizzle
  • Ok thanks all My issues have been solved thanks. I am not sure what did it. the Virtual host, or the HTaccess modifications.

    I will remove the htaccess redirect thing though and see what happens.

    Thank you all.

  • @doghouch
    I am only using name cheep for the domane and basic dns it provides.

    My vps is with vmhaus.

    Thanked by 1doghouch
  • edited December 2017

    @corbpie said:
    Also it's almost 2018 don't have www. In your redirect

    Visit google.com. What happens? Are they doing it all wrong?

  • adlyadly Veteran
    edited December 2017

    @LosPollosHermanos said:
    Visit google.com. What happens? Are they doing it all wrong?

    It redirects to https://www.google.cctld, where ccTLD is your country code's TLD.

  • Set up a http redirect and use hsts.

  • Or, you could just set the IP for both, and ServerAlias them so you don't have a pointless redirect. NoWWW is so 2004.

    Thanked by 1Falzo
  • mfsmfs Banned, Member
    edited December 2017

    This. Visitors who already visited you over HTTPS won't accidentally hit HTTP again, without the need for your server to redirect them to a TLS connection. It's better than 301 as it covers the entire domain and it is conceived with security in mind. In theory, you could even leave port 80 closed, returning visitors entering the domain name manually after a first contact over HTTPS will get automatically redirected by their browser, before accessing the server to HTTPS. Without HSTS and a using only a 301, a returning visitor who visited your site via HTTPS but who didn't visit it over HTTP yet would be theoretically vulnerable to MiTM attacks. HSTS uses a separate, typically long-expiring cache (usually set server-side to six months) separated from the one used by 301 redirects. The obvious downside is that you should be prepared to serve everything over a TLS connection for at least the period you declare in HSTS.

    WSS said: IP for both, and ServerAlias them

    b-but muh SEO

    hammer said: Like this website for instance. I typed "lowendtalk.com" and when I lock in my browser address bar and when I look (hear) at it I see "https://www.lowendtalk.com/"

    http://lowendtalk.com redirects (301) to https://www.lowendtalk.com , but https://lowendtalk.com doesn't redirect

  • i let runcloud (aff in signature) take care of that for me. yes, I am lazy..

  • If you are using Nginx

    if ( $scheme = http ){
    return 301 https://$server_name$request_uri;
    }

Sign In or Register to comment.