Jump to content

SSL setup

andy1212

By andy1212
in Apache HTTP Server

 Share
Go to solution Solved by andy1212,

Recommended Posts

andy1212 Member

andy1212

Posted
Posted (edited)

I just purchased an SSL cert and dedicated IP and the way I set it up before was that I'd put this code at the top of each page,

 

for non https pages:

if ($_SERVER['SERVER_PORT']!=80) {
   $url = "http://".$_SERVER['SERVER_NAME'].":80".$_SERVER['REQUEST_URL'];
   header('Location: $url');
}

for https pages

if ($_SERVER['SERVER_PORT']!=443) {
   $url = "http://".$_SERVER['SERVER_NAME'].":443".$_SERVER['REQUEST_URL'];
   header('Location: $url');
}

So doing that before was a big job because I had to go into every page add the code at the top and then save and upload to the server and now when trying to do that it doesn't seem to be working properly. But I did some searching and alot of people say that you don't need to set it up with any pages it needs to be setup on the server, so I really want to know how to do it that way. I couldn't find a tutorial on how to do this but If someone knows of one or knows how to accomplish setting up the SSL cert with a website and can give me steps on how that would be great. Pretty much I just want to have the login, register, forgot pass, account and shopping cart pages to all start with https and show that the pages are secured with the key or box in the url bar of the browser and all my backend pages to have that too and all the other pages just have http. Thanks for your time and help in advance.

Edited by andy1212
Link to comment
Share on other sites
andy1212 Member

andy1212

Posted
  • Author
Posted (edited)

would the https pages need to be in a seperate folder or can this be done without putting the pages that I want https in a separate folder but instead in the same place as http pages. btw thanks for the reply!

Edited by andy1212
Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted

It'd make it much easier if you isolate them to their own folder, as then you could just apply a blanket rule to all pages in that folder.

 

You could however do it on a page-by-page basis if you really need to by including extra conditions in your mod_rewrite rules.

Link to comment
Share on other sites
andy1212 Member

andy1212

Posted
  • Author
Posted (edited)

hey thanks for the reply, I ended up putting them in their own folder and I'll do the apache redirect for that folder. Thanks!

 

I tried marking you both as solved but didn't work, only would let me mark one.

Edited by andy1212
Link to comment
Share on other sites
andy1212 Member

andy1212

Posted
  • Author
Posted (edited)

For instance if you go to google search its an http page with no ssl encryption. Then if you go to gmail.com to login it is https and ssl encrypted. And thats the way alot of successful websites do it so there must be a reason behind it and the best reason ive found is because of the speed with https and http.

Edited by andy1212
Link to comment
Share on other sites
kicken Prolific Member

kicken

Posted
Posted

SSL is not going to significantly slow down your site, and having it always on makes for a nice re-assurance to end users. Google is always-on SSL, so is Facebook. They both do that because the realized it's silly to try and only use SSL for certain pages, and easier to just have it always on. I've setup my own site to be always-on SSL as well for the same reason.

 

End users like seeing that SSL is enabled and their traffic is encrypted. Enabling it always is going to make users feel safer on your site.

Link to comment
Share on other sites
trq Prolific Member

trq

Posted
Posted

For instance if you go to google search its an http page with no ssl encryption. Then if you go to gmail.com to login it is https and ssl encrypted. And thats the way alot of successful websites do it so there must be a reason behind it and the best reason ive found is because of the speed with https and http.

Google and Gmail are two different sites. Most successful websites have moved entirely to https. Looks at facebook, twitter and github.

 

As kicken said, "SSL is not going to significantly slow down your site" & "End users like seeing that SSL is enabled and their traffic is encrypted. Enabling it always is going to make users feel safer on your site."

Link to comment
Share on other sites
  • Solution
andy1212 Member

andy1212

Posted
  • Author
  • Solution
Posted

Awesome! I ended up putting all pages that need the https:// in the url in their own directory called "secure" and putting in the .htaccess file,

RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} ^/secure/?.*$
RewriteRule ^(.*)$ https://www.website.com/$1 [R=301,L]

Now if it's not too much trouble, can I direct you guys over to this thread where I really need help, this issue here wasn't to hard to figure out but the real problem is here, and started a new thread to see if there is a better way to do it here. Thanks!

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.