Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

SSL and redirect setup - best way


SCH_001

Recommended Posts

Hi all, don't understand the .htaccess file yet so I have a few questions

1. store will be in public_html/store should I use the cpanel redirect "with and with www domain.com.au to https://www.domain.com.au/store"
    or should this be done in the .htaccess file

2. If done in the .htaccess file instead of the cpanel redirect and also wanting ssl to work for the whole site including admin would the below be correct?
RewriteEngine on
RewriteCond  %{HTTPS} off   [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.domain.com.au/store/$1 [R=301,L]

3. There is .htaccess files in directories like includes / images / admin / ext and most likely more.
    Do they all have to be updated?

4. The top of my current file reads as per below (I guess default cpanel one) do I leave it there?

RewriteOptions inherit
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$

 

Many thanks

Link to comment
Share on other sites

@supercheaphobbThere are many ways to accomplish this. This is my preferred method:

#redirect index.php to root
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ https://www.YOUR DOMAIN.com/store/ [R=301,L]

#redirect non-www to www
RewriteCond %{HTTP_HOST} ^YOUR DOMAIN\.com
RewriteRule ^(.*)$ https://www.YOUR DOMAIN.com/store/$1 [R=permanent,L]

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.YOUR DOMAIN.com/store/$1 [R,L]

For the shop, you should change the .htaccess file in the root of the store directory - no others . You should also change the one in the web root if you don't use it for any other purpose.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

If you have your store in its own directory (the best way to do it), you should try to put only general site stuff in /.htaccess, and store-specific stuff (e.g., SEO rewrites) into /store/.htaccess. That way, they don't step on each other's toes and the store can be pulled out or updated cleanly at any time, or a blog can be added later. If you have only a store (for now), it is possible to rewrite the incoming URL to jump directly into the store if the visitor only goes to your site root (assuming there's nothing there of interest). Later, if you add other site content, you can write a landing page in the root, with a link to your store. It often causes problems to have a later-added blog pass through the store's .htaccess rewriting, or vice-versa, so it's best to keep them as separate as possible.

You probably would want to have SSL and "with" (or without) "www." sitewide (store plus any other content), so that would go in /.htaccess. Automatically rewriting (silently, not changing the visible address) to the /store directory, if that's what you want to do for now, would also be in /.htaccess. You can do this with the control panel redirect, but you should at least understand what that is putting in your .htaccess file. I find it easier to exactly control what it's doing if I write it myself into the /.htaccess or /store/.htaccess file(s). You can also combine actions (such as your #2 to both force SSL and force www.) into one redirect, avoiding a search engine penalty for multiple 301 redirects. But, of course, you have to know how to write this stuff (there's a good reason that Apache's own documentation calls URL rewriting "voodoo"). By the way, your #2 looks fine, if you intend to have no other content but the store.

Depending on what the other random .htaccess files do, you may or may not have to update them in some way, especially if they are hard coded to redirect to http:. The admin/.htaccess will have something in it to demand a password for access (BTW, use your hosting control panel to add this password, rather than the osC sample code, which usually doesn't work). The only downside is that the osC security check will complain that you don't have password access control, even if you do.

The rewrites at the top of your current /.htaccess are for SSL support. You should leave them alone.

Link to comment
Share on other sites

@Jack_mcs So for this part

#redirect non-www to www
RewriteCond %{HTTP_HOST} ^YOUR DOMAIN\.com

for a .com.au does it need to be written this way?

RewriteCond %{HTTP_HOST} ^domain\.com\.au

or just
RewriteCond %{HTTP_HOST} ^domain\.com.au

So just to clarify root of the store you are meaning public_html/store and web root would be public_html

Link to comment
Share on other sites

@MrPhil I used

RewriteEngine on
RewriteCond  %{HTTPS} off   [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.domain.com.au/store/$1 [R=301,L] 

it redirects to /store if I enter http://www.domain.com.au or http://domain.com.au but not if I go  https://www.domain.com.au or https://domain.com.au I just get error 404

Link to comment
Share on other sites

1 hour ago, supercheaphobb said:

RewriteCond %{HTTP_HOST} ^domain\.com\.au

Correct.

1 hour ago, supercheaphobb said:

So just to clarify root of the store you are meaning public_html/store and web root would be public_html

Correct.

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

If your URL is https:://www.domain.com.au, it would not trigger either the HTTPS test (already https: ) or the missing www. test (already www. ), and thus would not redirect to /store. I'm not sure why https://domain.com.au  wouldn't trigger the second rewrite condition (missing www. ). Is that an accurate copy of the code?

Note that a missing https or www will send a visitor to your store, with a 301 redirect. I don't know what else you have on your site -- I would not send someone to the store except silently (status code 200), so you may want to rewrite the above code to

RewriteEngine on

# force SSL (https) and www. form of domain name, visible on browser and to search engines
RewriteCond  %{HTTPS} off   [OR]
RewriteCond  %{HTTP_HOST}  !^www\.  [NC]
RewriteRule  ^(.*)$  https://www.domain.com.au/$1 [R=301,L]

# for time being, silently jump visitors to / over to /store
#  not visible on browser and search engine doesn't see
RewriteCond %{REQUEST_URI}  !^/store
RewriteRule ^{.*)$  /store/$1  [L]
Link to comment
Share on other sites

I had to get it working so used cpanel to create a redirect for non www and www to https://www.domain.com.au/store and it all seems to be working but the below is what ended up in the file. This is in public_html and appears to be only 1 line so no idea. And nothing in file in public_html/store.

So it's 2am in the morning now and I still got to open the shop tomorrow so I am outa here till tomorrow night - stay tuned

RewriteOptions inherit

RewriteEngine on
RewriteCond %{HTTP_HOST} ^.*$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "https\:\/\/www\.domain\.com\.au\/store" [R=301,L]

Link to comment
Share on other sites

Ok so both the frontend and admin have been working ok all day. I get home to start work on fixing a few issues and I can't get into admin

public_html/store/admin  IE says  - There were too many redirections. Error Code: INET_E_REDIRECT_FAILED

and firefox just says The page isn’t redirecting properly

have cleared the browser cache etc and still not

There is nothing else on this domain apart from the store at /store

@MrPhil

Link to comment
Share on other sites

Ok I need help to get this working. I have renamed / deleted .htaccess in both public_html and public_html/store
Then recreated the redirect in cpanel. It only created a .htacess in public_html and after clearing my cache I still can't access store/admin to many redirects

This is all of the file

RewriteEngine on
RewriteCond %{HTTP_HOST} ^supercheaphobbies\.com\.au$ [OR]
RewriteCond %{HTTP_HOST} ^www\.supercheaphobbies\.com\.au$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/(?:\ Ballot169)?
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule ^/?$ "https\:\/\/www\.supercheaphobbies\.com\.au\/store" [R=301,L]

Link to comment
Share on other sites

redirects should only be one in one way either in server or .htaccess or you could end up in a loop! can not remember your site so post a link or pm but it looks like you may just have a loop running.

 

Link to comment
Share on other sites

Front end looks fine apart from the fact that you can still access none SSL site. If you are runing SSL you should redirect all to use SSL. If this is the case on your admin it could be the cache is still using none SSL link? check you admin config file to see what you are setting for http and https.

 

Link to comment
Share on other sites

well https admin has been ok all day until I came home on a different internet connection and different pc

<?php
  define('HTTP_SERVER', 'https://www.supercheaphobbies.com.au');
  define('HTTPS_SERVER', 'https://www.supercheaphobbies.com.au');
  define('ENABLE_SSL', true);
  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');
  define('HTTP_COOKIE_PATH', '/admin');
  define('HTTPS_COOKIE_PATH', '/admin');
  define('HTTP_CATALOG_SERVER', 'https://www.supercheaphobbies.com.au');
  define('HTTPS_CATALOG_SERVER', 'https://www.supercheaphobbies.com.au');
  define('ENABLE_SSL_CATALOG', 'true');
  define('DIR_FS_DOCUMENT_ROOT', '/home/superche/public_html/store/');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/store/admin/');
  define('DIR_FS_ADMIN', '/home/superche/public_html/store/admin/');
  define('DIR_WS_CATALOG', '/');
  define('DIR_WS_HTTPS_CATALOG', '/store/');
  define('DIR_FS_CATALOG', '/home/superche/public_html/store/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

Link to comment
Share on other sites

23 minutes ago, supercheaphobb said:

  define('DIR_FS_DOCUMENT_ROOT', '/home/superche/public_html/store/');
  define('DIR_WS_ADMIN', '/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/store/admin/');
  define('DIR_FS_ADMIN', '/home/superche/public_html/store/admin/');
  define('DIR_WS_CATALOG', '/');

The above should be

   define('DIR_FS_DOCUMENT_ROOT', '/home/superche/public_html');
   define('DIR_WS_ADMIN', '/store/admin/');
   define('DIR_WS_HTTPS_ADMIN', '/store/admin/');
   define('DIR_FS_ADMIN', '/home/superche/public_html/store/admin/');
   define('DIR_WS_CATALOG', '/store/');

 

Support Links:

For Hire: Contact me for anything you need help with for your shop: upgrading, hosting, repairs, code written, etc.

Get the latest versions of my addons

Recommended SEO Addons

Link to comment
Share on other sites

not sure about the changes to the config file as just threw frozen on another domain in directory public_html/frozen and it auto setup

  define('DIR_FS_DOCUMENT_ROOT', '/home/santrocom/public_html/frozen/');
  define('DIR_WS_ADMIN', '/frozen/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/frozen/admin/');
  define('DIR_FS_ADMIN', '/home/santrocom/public_html/frozen/admin/');
  define('DIR_WS_CATALOG', '/frozen/');
  define('DIR_WS_HTTPS_CATALOG', '/frozen/');

Link to comment
Share on other sites

One thing that needs to be cleared up: do you really want a 301 redirect to /store? This locks you in to a visitor (including you) always being sent to /store, and precludes adding other subsystems (e.g., Wordpress in /blog). A 301 (or 302) redirect updates search engines and shows in the browser address line. My suggestion is to separately and silently (200 code) rewrite the URL in /.htaccess to /store, leaving you free in the future to add more subsystems (and remove the rewrite). Forcing SSL (https) and www. on the domain should be done with 301 in .htaccess. You want visitors who neglected to type in https, or left off the www., to be corrected. You will probably have to manually set up your .htaccess file(s) rather than relying on your control panel.

On your Frozen install, you must have set up something incorrectly. You should not have .../frozen and frozen/... operating together when the strings are glued together.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...