Jump to content
pafranklin

Moving from HTTP to HTTPS

Recommended Posts

Hi,

With news, rumors and articles suggesting that Google is starting to de-rank  sites that are not HTTPS across the entire site I just want to double check how I do this.

I currently have an SSL in place so is it simply a question of amending the 2 configure.php files on the admin and frontend?

Any pointers would be very gratefully received!

Paul


You will never learn if you don't try. And boy am I trying....!

Share this post


Link to post
Share on other sites

Two things to do:

  1. Change the two configure.php files to use https everywhere, rather than both http and https. You want all your site internal links to be https.
  2. Check for incoming http requests (such as old bookmarks and search engine entries) and redirect them to https (in .htaccess or similar) with a 301 status. You want to inform all visitors that the site is now https, especially search engines.

If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

You will need more than just redirecting from http to https to do it correctly. See this post.

Share this post


Link to post
Share on other sites

Thank you all for the comments.

When I made the changes to the catalog/includes/configure file when the site went to checkout the pages lost all CSS, images and layout (as enclosed). Is this because I still need to make the changs to .htaccess?

Thanks in advance.

Paul

ScreenClip.png


You will never learn if you don't try. And boy am I trying....!

Share this post


Link to post
Share on other sites

Have you either cleared your browser cache or done a hard refresh (Ctrl-F5)? You might be looking at an old page that's still trying to pull up http: files that no longer exist.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites
On 4/28/2018 at 1:46 PM, pafranklin said:

Thank you all for the comments.

When I made the changes to the catalog/includes/configure file when the site went to checkout the pages lost all CSS, images and layout (as enclosed). Is this because I still need to make the changs to .htaccess?

Thanks in advance.

Paul

ScreenClip.png

Hey, I have same problem. How did you fix it? Tx, Gasper

Share this post


Link to post
Share on other sites

@gassko

This does not look like a redirect problem. Post both of your configure.php files (there are two: one in /catalog/includes/, and the other in /catalog/<your admin directory name>/includes/). Be sure to edit our personal information, especially your database name, database admin user name, and database admin password.

M


Get the latest Responsive osCommerce CE (community edition) here .

Share this post


Link to post
Share on other sites
On 1/12/2019 at 10:43 PM, ArtcoInc said:

@gassko

This does not look like a redirect problem. Post both of your configure.php files (there are two: one in /catalog/includes/, and the other in /catalog/<your admin directory name>/includes/). Be sure to edit our personal information, especially your database name, database admin user name, and database admin password.

M

Hey Artcolnc, I have missed configure file in admin directory. Fixed it. Thanks!!!

Share this post


Link to post
Share on other sites

I still dont have secure connection. Any idea why?

image.png.9d1ac9ebe98dee9fc6374e84f80a3ed4.png

 

I have also set up .htaccess redirect and now I cannot access adim site. 

RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.datalogger-shop.eu
RewriteRule ^(.*)$ https://www.datalogger-shop.eu/shop/$1 [R=301,L] 

Please advise. Tx G

Share this post


Link to post
Share on other sites

You have mixed content on your site. Use browser inspect tool to see it. Edit the relavent files and replace http: with https:

image.thumb.png.bc04dec76ac0d60fa66ed3212c4cfb01.png

Edited by JcMagpie

 

Share this post


Link to post
Share on other sites
1 hour ago, gassko said:

I have also set up .htaccess redirect and now I cannot access adim site. 

Sorry for second point you need to check and make sure your admin config seeting match your redirect.

Or try stock redirect.

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
# this makes it a permanent redirect
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

 

Edited by JcMagpie

 

Share this post


Link to post
Share on other sites

This redirect will not work correctly. If the incoming URL is http://domain.com..., it will rewrite to https://domain.com..., when the OP wants https://www.domain.com...  Or, if the incoming URL is https://www.domain.com, it will redirect to... https://www.domain.com...! (probably a 500 error loop) This is why you never use HTTP_HOST in the rewrite -- you always hard code the domain name (with or without the www, as the version you are trying to use).

%{HTTP_HOST} is not some canonical form. It is what the visitor typed in as the address, and could have (at a minimum) www or be missing it.

Edited by MrPhil

If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites
1 hour ago, gassko said:

I still dont have secure connection. Any idea why?

You are using a custom template which is calling many of it's resources from http: sites. You can either go back to the person you got the template and ask for an update to a SSL version or edit all the files to replace http with https and if they all have https alternatives ( and they probably will) you should be fine.


 

Share this post


Link to post
Share on other sites
14 hours ago, MrPhil said:

This redirect will not work correctly. If the incoming URL is http://domain.com..., it will rewrite to https://domain.com..., when the OP wants https://www.domain.com...  Or, if the incoming URL is https://www.domain.com, it will redirect to... https://www.domain.com...! (probably a 500 error loop) This is why you never use HTTP_HOST in the rewrite -- you always hard code the domain name (with or without the www, as the version you are trying to use).

%{HTTP_HOST} is not some canonical form. It is what the visitor typed in as the address, and could have (at a minimum) www or be missing it.

Thank you for answer. What redirect should I use then? Before SSL I had: 

RewriteEngine On
RewriteCond %{HTTP_HOST} ^datalogger-shop.eu
RewriteRule (.*) http://www.datalogger-shop.eu/shop/$1 [R=301,L]

and I could normaly access admin page, now I cant. 

 

Edited by gassko

Share this post


Link to post
Share on other sites
14 hours ago, JcMagpie said:

You are using a custom template which is calling many of it's resources from http: sites. You can either go back to the person you got the template and ask for an update to a SSL version or edit all the files to replace http with https and if they all have https alternatives ( and they probably will) you should be fine.

Thank you for answer. 

Unfortunatly person who got me template and was doing all the hard work on my oscommerce shop has passed away. 

I will try and change all files with http to https.

Share this post


Link to post
Share on other sites

Instructions courtesy of one of the internets largest hosting companys! I think they know what they are talking about, as allways your free to take other advice. If in any doubt talk to your hosting company and they will be in best place to advise you.
 

Redirect All Web Traffic

To force all web traffic to use HTTPS, add the following lines of code in the .htaccess file in your website's root folder.

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Redirect Only Specified Domain

To force a specific domain to use HTTPS, use the following lines of code in the .htaccess file in your website's root folder:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

 

If this doesn't work, try removing the first two lines

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

Redirect Specified Folder

If you want to force SSL on a specific folder, insert the code below into a .htaccess file placed in that specific folder:

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ https://www.example.com/folder/$1 [R=301,L]

NOTE: If you have existing code in your .htaccess, add this above where there are already rules with a similar starting prefix.


 

Share this post


Link to post
Share on other sites
1 hour ago, gassko said:

Unfortunatly person who got me template and was doing all the hard work on my oscommerce shop has passed away. 

If you need help there are some very good developers on this forum that i'm sure would be able to help you with this. Otherwise just post or pm if the info is sensative if you need more help.


 

Share this post


Link to post
Share on other sites
7 hours ago, gassko said:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^datalogger-shop.eu
RewriteRule (.*) http://www.datalogger-shop.eu/shop/$1 [R=301,L]

I would try

RewriteEngine On
RewriteCond %{HTTPS}  !on  [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.datalogger-shop.eu/shop/$1 [R=301,L] 

This should change http: to https: and add www. to the domain name if it's missing. Sometimes %{HTTPS} acts a little weird, and you may need to test =off or 0 instead of !on. Your host should know for sure. Also, sometimes they add a couple lines to exclude some SSL identification stuff.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

Apache

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Nginx

server {
    listen 80;
    server_name your-site.com www.your-site.com;
    return 301 https://your-site.com$request_uri;
}

Links removed.

 

Edited by Dan Cole
Removed external link.

Share this post


Link to post
Share on other sites

Note that using %{HTTP_HOST} in the rewrite rule means that you can't change www. to non-www or vice-versa. You would need a separate rewrite for that, which means two 301 round trips, which means Google will ding you.. %{HTTP_HOST} is whatever the visitor typed in for the address, not some canonical form with or without www. My recommendation is to hard code your domain name (as desired with or without www.) in the rewrite rule, to avoid such problems. Also, you can use $1 instead of %{REQUEST_URI} -- just less typing.


If you are running the "official" osC 2.3.4 or 2.3.4.1 download, your installation is obsolete! Get (stable) Frozenpatches or (unstable) Edge. See also the naming convention and the latest community-supported responsive "Edge" release

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×