Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Help with SSL

Hello,

I'm here to VF v2.8.1 but worked with other forum types out there however I am having an issue with enforcing the use of SSL / https.

I have done some googling or well all day and homework but all that I have found and or try is old and out of date / brakes the site. So could someone point me the right way here for VF v2.8.1?

.htaccess & Config.php are new fresh install to work with.

PS.

I know this is asked and talked about all other the forum but I gotta be doing something wrong or just missing something here so I am willing to be told how to make this work lol.

Thanks.

Comments

  • edited March 2019

    Welcome to the community! 😄

    There is a config setting in Vanilla you can set to enforce SSL links on the app-level. See this discussion for more info: https://open.vanillaforums.com/discussion/comment/256295#Comment_256295

    For Apache, you can rewrite all URLs to redirect to https and even have www redirect to non-www and vice versa, too.

    Add Pages to Vanilla with the Basic Pages app

  • Thanks for your reply, I have Allow & ForceSSL both turned on in the config file and added a redirect to my .htaccess file. However its not redirecting (should I say)..

    config.php

    
    // Conversations
    $Configuration['Conversations']['Version'] = '2.8.1';
    
    // Garden
    $Configuration['Garden']['AllowSSL'] = true;         <--------- I have that added---|
    $Configuration['Garden']['ForceSSL'] = true;         <------------------------------|
    $Configuration['Garden']['Title'] = 'Vanilla';
    $Configuration['Garden']['Cookie']['Salt'] = 'xxxxxxxxxxxxxx';
    $Configuration['Garden']['Cookie']['Domain'] = '';
    $Configuration['Garden']['Registration']['ConfirmEmail'] = true;
    $Configuration['Garden']['Email']['SupportName'] = 'Vanilla';
    $Configuration['Garden']['Email']['Format'] = 'text';
    $Configuration['Garden']['SystemUserID'] = '1';
    $Configuration['Garden']['InputFormatter'] = 'Rich';
    $Configuration['Garden']['Version'] = 'Undefined';
    $Configuration['Garden']['CanProcessImages'] = true;
    $Configuration['Garden']['MobileInputFormatter'] = 'Rich';
    $Configuration['Garden']['Installed'] = true;
    $Configuration['Garden']['InstallationID'] = 'xxxxxxxxxxxxx';
    $Configuration['Garden']['InstallationSecret'] = 'xxxxxxxxxxxxxxxxxxxx';
    


    .htaccess

    # Original
    # If you modify this file then change the above line to: # Modified
    
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
    
        ####
        # Certain hosts may require the following line.
        # If vanilla is in a subfolder then you need to specify it after the /.
        # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
        ####
        #RewriteBase /
    
    
        # Make sure that / doesn't try to go to index.php without a rewrite :)
        DirectoryIndex disabled
    
    
        ####
        # Deny access to certain directories that SHOULD NOT be exposed.
        ####
        RewriteRule (^|/)\.git - [L,R=403]
        RewriteRule ^cache/ - [L,R=403]
        RewriteRule ^cgi-bin/ - [L,R=403]
        RewriteRule ^uploads/import/ - [L,R=403]
        RewriteRule ^vendor/ - [L,R=403]
    
    
        ####
        # Prevent access to any php script by redirecting the request to /index.php
        # You can add an exception by adding another RewriteCond after this one.
        # Example: RewriteCond %{REQUEST_URI} !^/yourscriptname.php$
        # You can comment out this section if it causes you problems.
        # This is just a nice to have for security purposes.
        ####
        RewriteCond %{REQUEST_URI} !/index.php$
        RewriteRule (.+\.php) [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]
    
    
        ####
        # Redirect any non existing file/directory to /index.php
        ####
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule (.*) index.php [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]
    
    
        ####
        # Add the proper X_REWRITE server variable for rewritten requests.
        ####
        RewriteCond %{ENV:REDIRECT_X_REWRITE} .+
        RewriteCond %{ENV:REDIRECT_X_PATH_INFO} (.+)
        RewriteRule ^index\.php - [E=X_REWRITE:1,E=!REDIRECT_X_REWRITE,E=X_PATH_INFO:%1,E=!REDIRECT_X_PATH_INFO,L]
    </IfModule>
    
    
    <IfModule mod_headers.c>
       <FilesMatch "(?<!embed)\.(css|js|woff|ttf|eot|svg|png|gif|jpeg|jpg|ico|swf)$">
          Header set Cache-Control "max-age=315360000"
          Header set Expires "31 December 2037 23:59:59 GMT"
       </FilesMatch>
    </IfModule>
    
    
    # Enforce use of SSL
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] 
    </IfModule>
    


    I have found out that My host is using Lightspeed so this could be the issue!!??

  • [solved]

    So I got a hold of my host and they said add this bit to the .htaccess

        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R,L]
    
    **** Note: https://www.%{SERVER_NAME}/$1 and not https://%{HTTP_HOST}%{REQUEST_URI} ****
    

    Config.php

    $Configuration['Garden']['AllowSSL'] = true;   
    $Configuration['Garden']['ForceSSL'] = true;
    

    Issue is fix and all traffic is being forced to SSL / https!


    Thanks!

Sign In or Register to comment.