Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

SSL on Non-hosted/Non-Vanilla Cloud installations

TetchyTetchy New
in Vanilla 2.0 - 2.8

I have my own installation of Vanilla open source. I am trying to use SSL. I have everything set up and certs installed on my host. But when I try to use the HTTPS with my site it's not working.

Is SSL an automatic thing or do I need to change settings inside the vanilla backend? I'm looking around the admin area of vanilla but I'm not seeing an option to force SSL

Thanks!

Tagged:

Comments

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    "It's not working" is kind of fuzzy and it's hard to give an advice for that.

    But Vanilla has two settings for ssl : Garden.AllowSSL, which is true by default and Garden.ForceSSL. You can try adding $Configuration['Garden']['ForceSSL'] = true; to your /conf/config.php file, but normally it should work without that.

    So maybe you can try the config setting and if your problem prevails, report in more detail what is happening.

  • Options
    terabytefrelanceterabytefrelance

    Hi @r_j @linc config $Configuration['Garden']['ForceSSL'] and $Configuration['Garden']['AllowSSL'] = true;no works, and by htaccess does not work either

    .htaccess:

<IfModule mod_rewrite.c>
    RewriteEngine On

    ####
    # Certain hosts may require the following line.
    # If vanilla is in a subfolder then you need to specify it after the /.
    # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
    ####
    #RewriteBase /

    # Make sure that / doesn't try to go to index.php without a rewrite :)
    DirectoryIndex disabled

    ####
    # Deny access to certain directories that SHOULD NOT be exposed.
    ####
    RewriteRule (^|/)\.git - [L,R=403]
    RewriteRule ^cache/ - [L,R=403]
    RewriteRule ^cgi-bin/ - [L,R=403]
    RewriteRule ^uploads/import/ - [L,R=403]
    RewriteRule ^vendor/ - [L,R=403]

    ####
    # Prevent access to any php script by redirecting the request to /index.php
    # You can add an exception by adding another RewriteCond after this one.
    # Example: RewriteCond %{REQUEST_URI} !^/yourscriptname.php$
    # You can comment out this section if it causes you problems.
    # This is just a nice to have for security purposes.
    ####
    RewriteCond %{REQUEST_URI} !/index.php$
    RewriteRule (.+\.php) [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]

    ####
    # Redirect any non existing file/directory to /index.php
    ####
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule (.*) index.php [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]

    ####
    # Add the proper X_REWRITE server variable for rewritten requests.
    ####
    RewriteCond %{ENV:REDIRECT_X_REWRITE} .+
    RewriteCond %{ENV:REDIRECT_X_PATH_INFO} (.+)
    RewriteRule ^index\.php - [E=X_REWRITE:1,E=!REDIRECT_X_REWRITE,E=X_PATH_INFO:%1,E=!REDIRECT_X_PATH_INFO,L]

    RewriteCond %{HTTP_HOST} ^domain\.com$ [OR]
    RewriteCond %{HTTP_HOST} ^www\.domain\.com$
    RewriteRule ^/?$ "https\:\/\/domain\.com\/" [R=301,L]    
</IfModule>

    I'm doing something wrong, some suggestion,

    Thks,

Sign In or Register to comment.