Help with SSL

Hello,

I'm here to VF v2.8.1 but worked with other forum types out there however I am having an issue with enforcing the use of SSL / https.

I have done some googling or well all day and homework but all that I have found and or try is old and out of date / brakes the site. So could someone point me the right way here for VF v2.8.1?

.htaccess & Config.php are new fresh install to work with.

PS.

I know this is asked and talked about all other the forum but I gotta be doing something wrong or just missing something here so I am willing to be told how to make this work lol.

Thanks.

Comments

  • edited March 2019

    Welcome to the community! 😄

    There is a config setting in Vanilla you can set to enforce SSL links on the app-level. See this discussion for more info: https://open.vanillaforums.com/discussion/comment/256295#Comment_256295

    For Apache, you can rewrite all URLs to redirect to https and even have www redirect to non-www and vice versa, too.

    Add Pages to Vanilla with the Basic Pages app

  • Thanks for your reply, I have Allow & ForceSSL both turned on in the config file and added a redirect to my .htaccess file. However its not redirecting (should I say)..

    config.php

    
    // Conversations
    $Configuration['Conversations']['Version'] = '2.8.1';
    
    // Garden
    $Configuration['Garden']['AllowSSL'] = true;         <--------- I have that added---|
    $Configuration['Garden']['ForceSSL'] = true;         <------------------------------|
    $Configuration['Garden']['Title'] = 'Vanilla';
    $Configuration['Garden']['Cookie']['Salt'] = 'xxxxxxxxxxxxxx';
    $Configuration['Garden']['Cookie']['Domain'] = '';
    $Configuration['Garden']['Registration']['ConfirmEmail'] = true;
    $Configuration['Garden']['Email']['SupportName'] = 'Vanilla';
    $Configuration['Garden']['Email']['Format'] = 'text';
    $Configuration['Garden']['SystemUserID'] = '1';
    $Configuration['Garden']['InputFormatter'] = 'Rich';
    $Configuration['Garden']['Version'] = 'Undefined';
    $Configuration['Garden']['CanProcessImages'] = true;
    $Configuration['Garden']['MobileInputFormatter'] = 'Rich';
    $Configuration['Garden']['Installed'] = true;
    $Configuration['Garden']['InstallationID'] = 'xxxxxxxxxxxxx';
    $Configuration['Garden']['InstallationSecret'] = 'xxxxxxxxxxxxxxxxxxxx';
    


    .htaccess

    # Original
    # If you modify this file then change the above line to: # Modified
    
    
    <IfModule mod_rewrite.c>
        RewriteEngine On
    
    
        ####
        # Certain hosts may require the following line.
        # If vanilla is in a subfolder then you need to specify it after the /.
        # (ex. You put Vanilla in /forum so change the next line to: RewriteBase /forum)
        ####
        #RewriteBase /
    
    
        # Make sure that / doesn't try to go to index.php without a rewrite :)
        DirectoryIndex disabled
    
    
        ####
        # Deny access to certain directories that SHOULD NOT be exposed.
        ####
        RewriteRule (^|/)\.git - [L,R=403]
        RewriteRule ^cache/ - [L,R=403]
        RewriteRule ^cgi-bin/ - [L,R=403]
        RewriteRule ^uploads/import/ - [L,R=403]
        RewriteRule ^vendor/ - [L,R=403]
    
    
        ####
        # Prevent access to any php script by redirecting the request to /index.php
        # You can add an exception by adding another RewriteCond after this one.
        # Example: RewriteCond %{REQUEST_URI} !^/yourscriptname.php$
        # You can comment out this section if it causes you problems.
        # This is just a nice to have for security purposes.
        ####
        RewriteCond %{REQUEST_URI} !/index.php$
        RewriteRule (.+\.php) [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]
    
    
        ####
        # Redirect any non existing file/directory to /index.php
        ####
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule (.*) index.php [E=X_REWRITE:1,E=X_PATH_INFO:/$1,L]
    
    
        ####
        # Add the proper X_REWRITE server variable for rewritten requests.
        ####
        RewriteCond %{ENV:REDIRECT_X_REWRITE} .+
        RewriteCond %{ENV:REDIRECT_X_PATH_INFO} (.+)
        RewriteRule ^index\.php - [E=X_REWRITE:1,E=!REDIRECT_X_REWRITE,E=X_PATH_INFO:%1,E=!REDIRECT_X_PATH_INFO,L]
    </IfModule>
    
    
    <IfModule mod_headers.c>
       <FilesMatch "(?<!embed)\.(css|js|woff|ttf|eot|svg|png|gif|jpeg|jpg|ico|swf)$">
          Header set Cache-Control "max-age=315360000"
          Header set Expires "31 December 2037 23:59:59 GMT"
       </FilesMatch>
    </IfModule>
    
    
    # Enforce use of SSL
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE] 
    </IfModule>
    


    I have found out that My host is using Lightspeed so this could be the issue!!??

  • [solved]

    So I got a hold of my host and they said add this bit to the .htaccess

        RewriteCond %{HTTPS} !=on
        RewriteRule ^/?(.*) https://www.%{SERVER_NAME}/$1 [R,L]
    
    **** Note: https://www.%{SERVER_NAME}/$1 and not https://%{HTTP_HOST}%{REQUEST_URI} ****
    

    Config.php

    $Configuration['Garden']['AllowSSL'] = true;   
    $Configuration['Garden']['ForceSSL'] = true;
    

    Issue is fix and all traffic is being forced to SSL / https!


    Thanks!

Sign In or Register to comment.