Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.
Please upgrade to 2.3 here. The 2.2 and earlier branches are no longer being updated.

SSL on Non-hosted/Non-Vanilla Cloud installations

I have my own installation of Vanilla open source. I am trying to use SSL. I have everything set up and certs installed on my host. But when I try to use the HTTPS with my site it's not working.

Is SSL an automatic thing or do I need to change settings inside the vanilla backend? I'm looking around the admin area of vanilla but I'm not seeing an option to force SSL

Thanks!

Comments

  • R_JR_J Cheerleader & Troubleshooter Munich Moderator

    "It's not working" is kind of fuzzy and it's hard to give an advice for that.

    But Vanilla has two settings for ssl : Garden.AllowSSL, which is true by default and Garden.ForceSSL. You can try adding $Configuration['Garden']['ForceSSL'] = true; to your /conf/config.php file, but normally it should work without that.

    So maybe you can try the config setting and if your problem prevails, report in more detail what is happening.

    Linc
  • Hi @r_j @linc config $Configuration['Garden']['ForceSSL'] and $Configuration['Garden']['AllowSSL'] = true;no works, and by htaccess does not work either

    .htaccess:
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
        ####
        # Certain hosts may require the following line.
        # If vanilla is in a subfolder then you need to specify it after the /.
        # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
        ####
        #RewriteBase /
    
        # Make sure that / doesn't try to go to index.php without a rewrite :)
        DirectoryIndex disabled
    
        ####
        # Deny access to certain directories that SHOULD NOT be exposed.
        ####
        RewriteRule (^|/)\.git - [L,R=403]
        RewriteRule ^cache/ - [L,R=403]
        RewriteRule ^cgi-bin/ - [L,R=403]
        RewriteRule ^uploads/import/ - [L,R=403]
        RewriteRule ^vendor/ - [L,R=403]
    
        ####
        # Prevent access to any php script by redirecting the request to /index.php
        # You can add an exception by adding another RewriteCond after this one.
        # Example: RewriteCond %{REQUEST_URI} !^/yourscriptname.php$
        # You can comment out this section if it causes you problems.
        # This is just a nice to have for security purposes.
        ####
        RewriteCond %{REQUEST_URI} !/index.php$
        RewriteRule (.+\.php) [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]
    
        ####
        # Redirect any non existing file/directory to /index.php
        ####
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule (.*) index.php [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]
    
        ####
        # Add the proper X_REWRITE server variable for rewritten requests.
        ####
        RewriteCond %{ENV:REDIRECT_X_REWRITE} .+
        RewriteCond %{ENV:REDIRECT_X_PATH_INFO} (.+)
        RewriteRule ^index\.php - [E=X_REWRITE:1,E=!REDIRECT_X_REWRITE,E=X_PATH_INFO:%1,E=!REDIRECT_X_PATH_INFO,L]
    
        RewriteCond %{HTTP_HOST} ^domain\.com$ [OR]
        RewriteCond %{HTTP_HOST} ^www\.domain\.com$
        RewriteRule ^/?$ "https\:\/\/domain\.com\/" [R=301,L]    
    </IfModule>
    

    I'm doing something wrong, some suggestion,

    Thks,

Sign In or Register to comment.