Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Moving from HTTP to HTTPS


pafranklin

Recommended Posts

Hi,

With news, rumors and articles suggesting that Google is starting to de-rank  sites that are not HTTPS across the entire site I just want to double check how I do this.

I currently have an SSL in place so is it simply a question of amending the 2 configure.php files on the admin and frontend?

Any pointers would be very gratefully received!

Paul

You will never learn if you don't try. And boy am I trying....!

Link to comment
Share on other sites

Two things to do:

  1. Change the two configure.php files to use https everywhere, rather than both http and https. You want all your site internal links to be https.
  2. Check for incoming http requests (such as old bookmarks and search engine entries) and redirect them to https (in .htaccess or similar) with a 301 status. You want to inform all visitors that the site is now https, especially search engines.
Link to comment
Share on other sites

Thank you all for the comments.

When I made the changes to the catalog/includes/configure file when the site went to checkout the pages lost all CSS, images and layout (as enclosed). Is this because I still need to make the changs to .htaccess?

Thanks in advance.

Paul

ScreenClip.png

You will never learn if you don't try. And boy am I trying....!

Link to comment
Share on other sites

  • 8 months later...
On 4/28/2018 at 1:46 PM, pafranklin said:

Thank you all for the comments.

When I made the changes to the catalog/includes/configure file when the site went to checkout the pages lost all CSS, images and layout (as enclosed). Is this because I still need to make the changs to .htaccess?

Thanks in advance.

Paul

ScreenClip.png

Hey, I have same problem. How did you fix it? Tx, Gasper

Link to comment
Share on other sites

@gassko

This does not look like a redirect problem. Post both of your configure.php files (there are two: one in /catalog/includes/, and the other in /catalog/<your admin directory name>/includes/). Be sure to edit our personal information, especially your database name, database admin user name, and database admin password.

M

Link to comment
Share on other sites

On 1/12/2019 at 10:43 PM, ArtcoInc said:

@gassko

This does not look like a redirect problem. Post both of your configure.php files (there are two: one in /catalog/includes/, and the other in /catalog/<your admin directory name>/includes/). Be sure to edit our personal information, especially your database name, database admin user name, and database admin password.

M

Hey Artcolnc, I have missed configure file in admin directory. Fixed it. Thanks!!!

Link to comment
Share on other sites

1 hour ago, gassko said:

I have also set up .htaccess redirect and now I cannot access adim site. 

Sorry for second point you need to check and make sure your admin config seeting match your redirect.

Or try stock redirect.

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
# this makes it a permanent redirect
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 

 

Link to comment
Share on other sites

This redirect will not work correctly. If the incoming URL is http://domain.com..., it will rewrite to https://domain.com..., when the OP wants https://www.domain.com...  Or, if the incoming URL is https://www.domain.com, it will redirect to... https://www.domain.com...! (probably a 500 error loop) This is why you never use HTTP_HOST in the rewrite -- you always hard code the domain name (with or without the www, as the version you are trying to use).

%{HTTP_HOST} is not some canonical form. It is what the visitor typed in as the address, and could have (at a minimum) www or be missing it.

Link to comment
Share on other sites

1 hour ago, gassko said:

I still dont have secure connection. Any idea why?

You are using a custom template which is calling many of it's resources from http: sites. You can either go back to the person you got the template and ask for an update to a SSL version or edit all the files to replace http with https and if they all have https alternatives ( and they probably will) you should be fine.

 

Link to comment
Share on other sites

14 hours ago, MrPhil said:

This redirect will not work correctly. If the incoming URL is http://domain.com..., it will rewrite to https://domain.com..., when the OP wants https://www.domain.com...  Or, if the incoming URL is https://www.domain.com, it will redirect to... https://www.domain.com...! (probably a 500 error loop) This is why you never use HTTP_HOST in the rewrite -- you always hard code the domain name (with or without the www, as the version you are trying to use).

%{HTTP_HOST} is not some canonical form. It is what the visitor typed in as the address, and could have (at a minimum) www or be missing it.

Thank you for answer. What redirect should I use then? Before SSL I had: 

RewriteEngine On
RewriteCond %{HTTP_HOST} ^datalogger-shop.eu
RewriteRule (.*) http://www.datalogger-shop.eu/shop/$1 [R=301,L]

and I could normaly access admin page, now I cant. 

 

Link to comment
Share on other sites

14 hours ago, JcMagpie said:

You are using a custom template which is calling many of it's resources from http: sites. You can either go back to the person you got the template and ask for an update to a SSL version or edit all the files to replace http with https and if they all have https alternatives ( and they probably will) you should be fine.

Thank you for answer. 

Unfortunatly person who got me template and was doing all the hard work on my oscommerce shop has passed away. 

I will try and change all files with http to https.

Link to comment
Share on other sites

Instructions courtesy of one of the internets largest hosting companys! I think they know what they are talking about, as allways your free to take other advice. If in any doubt talk to your hosting company and they will be in best place to advise you.
 

Redirect All Web Traffic

To force all web traffic to use HTTPS, add the following lines of code in the .htaccess file in your website's root folder.

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect Only Specified Domain

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

 

If this doesn't work, try removing the first two lines

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Redirect Specified Folder

If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]

NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.

 

Link to comment
Share on other sites

1 hour ago, gassko said:

Unfortunatly person who got me template and was doing all the hard work on my oscommerce shop has passed away. 

If you need help there are some very good developers on this forum that i'm sure would be able to help you with this. Otherwise just post or pm if the info is sensative if you need more help.

 

Link to comment
Share on other sites

7 hours ago, gassko said:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^datalogger-shop.eu
RewriteRule (.*) http://www.datalogger-shop.eu/shop/$1 [R=301,L]

I would try

RewriteEngine On
RewriteCond %{HTTPS}  !on  [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.datalogger-shop.eu/shop/$1 [R=301,L] 

This should change http: to https: and add www. to the domain name if it's missing. Sometimes %{HTTPS} acts a little weird, and you may need to test =off or 0 instead of !on. Your host should know for sure. Also, sometimes they add a couple lines to exclude some SSL identification stuff.

Link to comment
Share on other sites

  • 2 weeks later...

Apache

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Nginx

server {
    listen 80;
    server_name your-site.com www.your-site.com;
    return 301 https://your-site.com$request_uri;
}

Links removed.

 

Link to comment
Share on other sites

Note that using %{HTTP_HOST} in the rewrite rule means that you can't change www. to non-www or vice-versa. You would need a separate rewrite for that, which means two 301 round trips, which means Google will ding you.. %{HTTP_HOST} is whatever the visitor typed in for the address, not some canonical form with or without www. My recommendation is to hard code your domain name (as desired with or without www.) in the rewrite rule, to avoid such problems. Also, you can use $1 instead of %{REQUEST_URI} -- just less typing.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...