Jump to content
supercheaphobb

SSL and redirect setup - best way

Recommended Posts

Hi all, don't understand the .htaccess file yet so I have a few questions

1. store will be in public_html/store should I use the cpanel redirect "with and with www domain.com.au to https://www.domain.com.au/store"
    or should this be done in the .htaccess file

2. If done in the .htaccess file instead of the cpanel redirect and also wanting ssl to work for the whole site including admin would the below be correct?
RewriteEngine on
RewriteCond  %{HTTPS} off   [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.domain.com.au/store/$1 [R=301,L]

3. There is .htaccess files in directories like includes / images / admin / ext and most likely more.
    Do they all have to be updated?

4. The top of my current file reads as per below (I guess default cpanel one) do I leave it there?

RewriteOptions inherit
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

 

Many thanks

Share this post


Link to post
Share on other sites

@supercheaphobbThere are many ways to accomplish this. This is my preferred method:

#redirect index.php to root
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ https://www.YOUR DOMAIN.com/store/ [R=301,L]

#redirect non-www to www
RewriteCond %{HTTP_HOST} ^YOUR DOMAIN\.com
RewriteRule ^(.*)$ https://www.YOUR DOMAIN.com/store/$1 [R=permanent,L]

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.YOUR DOMAIN.com/store/$1 [R,L]

For the shop, you should change the .htaccess file in the root of the store directory - no others . You should also change the one in the web root if you don't use it for any other purpose.

Share this post


Link to post
Share on other sites

If you have your store in its own directory (the best way to do it), you should try to put only general site stuff in /.htaccess, and store-specific stuff (e.g., SEO rewrites) into /store/.htaccess. That way, they don't step on each other's toes and the store can be pulled out or updated cleanly at any time, or a blog can be added later. If you have only a store (for now), it is possible to rewrite the incoming URL to jump directly into the store if the visitor only goes to your site root (assuming there's nothing there of interest). Later, if you add other site content, you can write a landing page in the root, with a link to your store. It often causes problems to have a later-added blog pass through the store's .htaccess rewriting, or vice-versa, so it's best to keep them as separate as possible.

You probably would want to have SSL and "with" (or without) "www." sitewide (store plus any other content), so that would go in /.htaccess. Automatically rewriting (silently, not changing the visible address) to the /store directory, if that's what you want to do for now, would also be in /.htaccess. You can do this with the control panel redirect, but you should at least understand what that is putting in your .htaccess file. I find it easier to exactly control what it's doing if I write it myself into the /.htaccess or /store/.htaccess file(s). You can also combine actions (such as your #2 to both force SSL and force www.) into one redirect, avoiding a search engine penalty for multiple 301 redirects. But, of course, you have to know how to write this stuff (there's a good reason that Apache's own documentation calls URL rewriting "voodoo"). By the way, your #2 looks fine, if you intend to have no other content but the store.

Depending on what the other random .htaccess files do, you may or may not have to update them in some way, especially if they are hard coded to redirect to http:. The admin/.htaccess will have something in it to demand a password for access (BTW, use your hosting control panel to add this password, rather than the osC sample code, which usually doesn't work). The only downside is that the osC security check will complain that you don't have password access control, even if you do.

The rewrites at the top of your current /.htaccess are for SSL support. You should leave them alone.

Share this post


Link to post
Share on other sites

@Jack_mcs So for this part

#redirect non-www to www
RewriteCond %{HTTP_HOST} ^YOUR DOMAIN\.com

for a .com.au does it need to be written this way?

RewriteCond %{HTTP_HOST} ^domain\.com\.au

or just
RewriteCond %{HTTP_HOST} ^domain\.com.au

So just to clarify root of the store you are meaning public_html/store and web root would be public_html

Share this post


Link to post
Share on other sites

@MrPhil I used

RewriteEngine on
RewriteCond  %{HTTPS} off   [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.domain.com.au/store/$1 [R=301,L] 

it redirects to /store if I enter http://www.domain.com.au or http://domain.com.au but not if I go  https://www.domain.com.au or https://domain.com.au I just get error 404

Share this post


Link to post
Share on other sites
1 hour ago, supercheaphobb said:

RewriteCond %{HTTP_HOST} ^domain\.com\.au

Correct.

1 hour ago, supercheaphobb said:

So just to clarify root of the store you are meaning public_html/store and web root would be public_html

Correct.

Share this post


Link to post
Share on other sites
Posted (edited)

If your URL is https:://www.domain.com.au, it would not trigger either the HTTPS test (already https: ) or the missing www. test (already www. ), and thus would not redirect to /store. I'm not sure why https://domain.com.au  wouldn't trigger the second rewrite condition (missing www. ). Is that an accurate copy of the code?

Note that a missing https or www will send a visitor to your store, with a 301 redirect. I don't know what else you have on your site -- I would not send someone to the store except silently (status code 200), so you may want to rewrite the above code to

RewriteEngine on

# force SSL (https) and www. form of domain name, visible on browser and to search engines
RewriteCond  %{HTTPS} off   [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.domain.com.au/$1 [R=301,L]

# for time being, silently jump visitors to / over to /store
#  not visible on browser and search engine doesn't see
RewriteCond %{REQUEST_URI}  !^/store
RewriteRule ^{.*)$  /store/$1  [L]
Edited by MrPhil
don't put https: in 200 rewrite

Share this post


Link to post
Share on other sites

I had to get it working so used cpanel to create a redirect for non www and www to https://www.domain.com.au/store and it all seems to be working but the below is what ended up in the file. This is in public_html and appears to be only 1 line so no idea. And nothing in file in public_html/store.

So it's 2am in the morning now and I still got to open the shop tomorrow so I am outa here till tomorrow night - stay tuned

RewriteOptions inherit

RewriteEngine on
RewriteCond %{HTTP_HOST} ^.*$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "https\:\/\/www\.domain\.com\.au\/store" [R=301,L]

Share this post


Link to post
Share on other sites

Ok so both the frontend and admin have been working ok all day. I get home to start work on fixing a few issues and I can't get into admin

public_html/store/admin  IE says  - There were too many redirections. Error Code: INET_E_REDIRECT_FAILED

and firefox just says The page isn’t redirecting properly

have cleared the browser cache etc and still not

There is nothing else on this domain apart from the store at /store

@MrPhil

Share this post


Link to post
Share on other sites

Ok I need help to get this working. I have renamed / deleted .htaccess in both public_html and public_html/store
Then recreated the redirect in cpanel. It only created a .htacess in public_html and after clearing my cache I still can't access store/admin to many redirects

This is all of the file

RewriteEngine on
RewriteCond %{HTTP_HOST} ^supercheaphobbies\.com\.au$ [OR]
RewriteCond %{HTTP_HOST} ^www\.supercheaphobbies\.com\.au$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "https\:\/\/www\.supercheaphobbies\.com\.au\/store" [R=301,L]

Share this post


Link to post
Share on other sites

redirects should only be one in one way either in server or .htaccess or you could end up in a loop! can not remember your site so post a link or pm but it looks like you may just have a loop running.


 

Share this post


Link to post
Share on other sites

the cpanel redirect created the .htacess file that I posted....

site url is in the redirects but will pm you so save filling this topic up

Share this post


Link to post
Share on other sites

Front end looks fine apart from the fact that you can still access none SSL site. If you are runing SSL you should redirect all to use SSL. If this is the case on your admin it could be the cache is still using none SSL link? check you admin config file to see what you are setting for http and https.


 

Share this post


Link to post
Share on other sites

well https admin has been ok all day until I came home on a different internet connection and different pc

<?php
  define('HTTP_SERVER', 'https://www.supercheaphobbies.com.au');
  define('HTTPS_SERVER', 'https://www.supercheaphobbies.com.au');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');
  define('HTTP_COOKIE_PATH', '/admin');
  define('HTTPS_COOKIE_PATH', '/admin');
  define('HTTP_CATALOG_SERVER', 'https://www.supercheaphobbies.com.au');
  define('HTTPS_CATALOG_SERVER', 'https://www.supercheaphobbies.com.au');
  define('ENABLE_SSL_CATALOG', 'true');
  define('DIR_FS_DOCUMENT_ROOT', '/home/superche/public_html/store/');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/store/admin/');
  define('DIR_FS_ADMIN', '/home/superche/public_html/store/admin/');
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/store/');
  define('DIR_FS_CATALOG', '/home/superche/public_html/store/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Share this post


Link to post
Share on other sites
23 minutes ago, supercheaphobb said:

  define('DIR_FS_DOCUMENT_ROOT', '/home/superche/public_html/store/');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/store/admin/');
  define('DIR_FS_ADMIN', '/home/superche/public_html/store/admin/');
  define('DIR_WS_CATALOG', '/');

The above should be

   define('DIR_FS_DOCUMENT_ROOT', '/home/superche/public_html');
   define('DIR_WS_ADMIN', '/store/admin/');
   define('DIR_WS_HTTPS_ADMIN', '/store/admin/');
   define('DIR_FS_ADMIN', '/home/superche/public_html/store/admin/');
   define('DIR_WS_CATALOG', '/store/');

 

Share this post


Link to post
Share on other sites

not sure about the changes to the config file as just threw frozen on another domain in directory public_html/frozen and it auto setup

  define('DIR_FS_DOCUMENT_ROOT', '/home/santrocom/public_html/frozen/');
  define('DIR_WS_ADMIN', '/frozen/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/frozen/admin/');
  define('DIR_FS_ADMIN', '/home/santrocom/public_html/frozen/admin/');
  define('DIR_WS_CATALOG', '/frozen/');
  define('DIR_WS_HTTPS_CATALOG', '/frozen/');

Share this post


Link to post
Share on other sites

One thing that needs to be cleared up: do you really want a 301 redirect to /store? This locks you in to a visitor (including you) always being sent to /store, and precludes adding other subsystems (e.g., Wordpress in /blog). A 301 (or 302) redirect updates search engines and shows in the browser address line. My suggestion is to separately and silently (200 code) rewrite the URL in /.htaccess to /store, leaving you free in the future to add more subsystems (and remove the rewrite). Forcing SSL (https) and www. on the domain should be done with 301 in .htaccess. You want visitors who neglected to type in https, or left off the www., to be corrected. You will probably have to manually set up your .htaccess file(s) rather than relying on your control panel.

On your Frozen install, you must have set up something incorrectly. You should not have .../frozen and frozen/... operating together when the strings are glued together.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×