SSL support for self hosted forum
desai_amogh
New
I have a self hosted Vanilla forum. My hosting has builtin support for letsencrypt free SSL certificates. I have enabled this letsencrypt support in the hosting and added following changes:
- in config.php file
$Configuration['Garden']['AllowSSL'] = TRUE; $Configuration['Garden']['ForceSSL']=TRUE;
- in .htaccess file
<IfModule mod_rewrite.c> RewriteEngine On # Certain hosts may require the following line. # If vanilla is in a subfolder then you need to specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) RewriteBase / RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </IfModule>
All my forum links redirect to https now but the site doesn't show as secure/ssl verified. Any help would be appreciated.
(Note: I have other wordpress sites hosted on the same hosting with letsencrypt enabled and they work just fine with above 2 settings.)
Comments
I am unclear why you made changes to your .htaccess file. That should not be necessary. I would roll back those changes as a first step.
I believe he did this:
RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]This is a common advise found on the net like stackoverflow.. but this is not necessary to do because Vanilla already is SSL friendly. You need to check your configuration because SSL works automatically without any need to alter htaccess for Vanilla. Unless your host has something to do with it. Then I would ask the host to fix it.
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
I have rolled back the changes from .htaccess file. For record I have attached the txt file.
So all I have got now is this change in the in config.php file
$Configuration['Garden']['AllowSSL'] = TRUE; $Configuration['Garden']['ForceSSL']=TRUE;These changes has not made any difference.
Just to note enabling Letsencrypt certificates and redirecting http to https in .htaccess is all it takes for my wordpress site on this hosting, dint need any other setting. Attached pics of bot the sites for reference.
Do you have a link to the site ?
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Remove all the content inside your htaccess file for Vanilla and try adding this into it instead.
# Modified # If you modify this file then change the above line to: # Modified <IfModule mod_rewrite.c> RewriteEngine On # Certain hosts may require the following line. # If vanilla is in a subfolder then you need to specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) RewriteBase / RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L] </IfModule>❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Thanks for your help @Linc and @vrijvlinder. My issue is resolved to some extent. I had enabled the letsencrypt https on my domain before installing the forum. I have disabled letsencrypt and enabled or reinstalled it again in my hosting and that now brings up the https://domain.com as a secure site.
However, domain.com doesnt redirect or auto fetch the secure site. It only shows http and if i manually type https it shows secure site.
I have tried enabling the https redirection in .htacces with no success. Any pointers ???
my site is at electronicsforum.in
with just this in the .htaccess file i get a 500 internal server error.
`# Modified
If you modify this file then change the above line to: # Modified
RewriteEngine On
# Certain hosts may require the following line.
# If vanilla is in a subfolder then you need to specify it after the /.
# (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
`
ok sorry my bad.. there was a syntex error in my .htaccess file.. . with just
# Modified # If you modify this file then change the above line to: # Modified <IfModule mod_rewrite.c> RewriteEngine On # Certain hosts may require the following line. # If vanilla is in a subfolder then you need to specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) RewriteBase / RewriteCond %{HTTPS} !=on RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L] </IfModule>makes no difference. im still at type electronicsforum.in get http site and type https://electronicsforum.in get secure site. no auto redirection happening.
I think the place where you need to do the redirects is at server level. You should have access to an htaccess editor where you can add rules to serve only encrypted files.
SSL is working in Vanilla and on your site if the request is sent using
https://However , it also serves the non encrypted version if you don't write it yourself. This is something you need to get your host to help you fix I believe. To not serve the non encrypted content.
Please use this code inside your htaccess file and nothing else. Delete the contents and copy this bellow into it. Regardless of ssl or not , if you don't use this , you will have 404 errors all over and you won't be able to log in either.
# Modified # If you modify this file then change the above line to: # Modified <IfModule mod_rewrite.c> RewriteEngine On # Certain hosts may require the following line. # If vanilla is in a subfolder then you need to specify it after the /. # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum) RewriteBase / RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L] </IfModule>❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Well that is is completely different issue. Do you have a signed certificate from a certificate authority for that domain?
It is not under the control of Vanilla.
grep is your friend.
-
grep is your friend.
@vrijvlinder after some more reading I am now able to get the naked domain or http url auto redirected to HTTPS. I added this right after the RewriteEngine On in your above example:
So now my redirection works and http goes to https on site electronicsforum.in
Question is, as you said earlier changing anything from your .htaccess might result in 404, Could you advise if I need to worry?? Also, with my above edit, could you suggest a fine .htaccess config for me which I can keep ?? (this is a smf to vanilla migrated forum and I also need to worry about 301 SEo stuff)
I have checked some 10-15 links on my forum and all seem to redirect fine and only posts with embedded http images show as nonsecure, is there a fix for that ??
Yea that will be an issue because those images are not being served with encryption. Maybe make sure all the content is internal. But this will only affect browsers that block non secure content, like facebook..
❌ ✊ ♥. ¸. ••. ¸♥¸. ••. ¸♥ ✊ ❌
Use in .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
# Certain hosts may require the following line.
# If vanilla is in a subfolder then you need to specify it after the /.
# (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
RewriteBase /forum
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php\?p=$1 [QSA,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^name.com/forum$ [NC]
RewriteRule ^(.*)$ https://name.com/forum/$1 [L,R=301]
</IfModule>