Default to HTTPS

[Craig]

Hey everyone,

Trying to ensure HTTPS://mywebsite.com is served instead of HTTP. My webhost said to include the following lines of code in the .htaccess file.


RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


They also said also this forces directly linked resources (images, css, etc.) to use https:

Where in this file do I place this code and do I need to remove or uncomment any code?

Just making sure Chevereto does not have its own way of defaulting to HTTPS.

Thanks!

 

[Neto98]

I think that Chevereto should have an option to enable https, but I think it does not have it, the .htaccess file is hidden in the main directory folder of your domain, you have to enable the hidden files or modify it from ftp

 

[Craig]

I think that Chevereto should have an option to enable https, but I think it does not have it, the .htaccess file is hidden in the main directory folder of your domain, you have to enable the hidden files or modify it from ftp

Hey thanks for responding. I am able to locate and access the .htaccess file. Just want to make sure what they are saying works for Chevereto and that I place the code in the right location in the file.

 

[Neto98]

Because for me it's okay, maybe @Rodolfo can tell us if this is correct,

 

[Rodolfo]

Actually it will depend on your server and for apache that code should work fine. The file is /.htaccess and it should look like this if we mix that code with Chevereto's .htaccess.

# Disable server signature
ServerSignature Off

# Disable directory listing (-indexes), Multiviews (-MultiViews) and enable Follow system links (+FollowSymLinks)
Options -Indexes
Options -MultiViews
Options +FollowSymLinks

<IfModule mod_rewrite.c>

    RewriteEngine On

    # If you have problems with the rewrite rules remove the "#" from the following RewriteBase line
    # You will also have to change the path to reflect the path to your Chevereto installation
    # If you are using alias is most likely that you will need this.
    #RewriteBase /

    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # 404 images
    # If you want to have your own fancy "image not found" image remove the "#" from RewriteCond and RewriteRule lines
    # Make sure to apply the correct paths to reflect your current installation
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule images/.+\.(gif|jpe?g|png|bmp) - [NC,L,R=404]
    #RewriteRule images/.+\.(gif|jpe?g|png|bmp) content/images/system/404.gif [NC,L]
 
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} !\.(css|js|html|htm|rtf|rtx|svg|svgz|txt|xsd|xsl|xml|asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|exe|gif|gz|gzip|ico|jpe?g|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|swf|tar|tif|tiff|wav|wma|wri|xla|xls|xlsx|xlt|xlw|zip)$ [NC]
    RewriteRule . index.php [L]
 
</IfModule>

Please note that in some servers / hosting companies HTTPS redirection must be configured by other means. In that case please refer to the documentation of your hosting company.

 

[Neto98]

@Rodolfo I test the code and it works, but note that when entering directly an image "example.com/image/xxxx.png" does not redirect to "https://example.com/image/xxxx.png" it can be solved this?

 

[Rodolfo]

The https rule should work for any given request. If you have issues check it with your hosting company and make sure that you don't have any browser cache.

 

[Neto98]

Is that correct functioning properly

Thank you!

 

[stux]

How about force www or non-www?

 

[bee]

How about force www or non-www?

http://lmgtfy.com/?q=htaccess+www+and+non-www

 

[Craig]

Is that correct functioning properly

Thank you!

The code did allow my site to load securely but it did not force the https. I was getting error... too many redirects, from my browser. I use Cloudflare through my webhost and created a page rule for my site. That finally forced the https to load.

 

[Rodolfo]

I don't know why people mess up this redirect stuff all time. Not only in this topic but I always see that people struggle with this. Just Google it and you will find answers for everything related with this stuff. This is entirely server configuration, not related to Chevereto at all so if you have issues check your server or ask your hosting company.

 

[Rodolfo]

I think that Chevereto should have an option to enable https, but I think it does not have it, the .htaccess file is hidden in the main directory folder of your domain, you have to enable the hidden files or modify it from ftp

Chevereto won't touch that .htaccess file because that's server setup, Chevereto won't mess with that.

 

[bangsters]

Hey guys. I have HTTPS redirected on mine via .htaccess. I was wondering if there is a way to have the redirect only when the user is logged in? Also, are spiders or search engines able to crawl your site even if it's set to https?

 

[Rodolfo]

Every load should be https, there's no point to enable it just for login. Crawlers will crawl your https website without hassle.

 

[Barry]

Hey guys. I have HTTPS redirected on mine via .htaccess. I was wondering if there is a way to have the redirect only when the user is logged in? Also, are spiders or search engines able to crawl your site even if it's set to https?

Google prefers if the site is https, so no reason not to enable it sitewide.

 

[bangsters]

Every load should be https, there's no point to enable it just for login. Crawlers will crawl your https website without hassle.

Google prefers if the site is https, so no reason not to enable it sitewide.

Thanks guys!!