Please note that the forum isn't really used anymore.

If you have questions, want support, or simply want to talk to us, you can find us on Slack.

Force https in htaccess

What is the best way to redirect http to https in .htaccess? I tried some Stack Overflow examples, but they always gave some problems.

Have you tried this: http://www.besthostratings.com/articles/force-ssl-htaccess.html

I tried several examples. But they need to work with the current .htaccess

What is your apache version?

Frederik, did you find a solution? I'm going to buy a certificate and I think that I'll need a solution like this.

Seemed like I had the same problem as Frederik. I spent an hour trying different .htaccess snippets from stackoverflow until I had no redirect loops anymore. I'll write my conclusions here:

Redirect your Fork CMS site from HTTP to HTTPS

So your certificate is installed and you tested everything and eliminated duplicate content. Your site works fine over both HTTP and HTTPS, now it's time to flip the switch and make it no longer accessible over HTTP.

I started by editing the parameters.yml config file and I made sure that site.protocol was set to https instead of http.

Add these rules to your .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This should work on normal servers. If this works, you can skip the next paragraph.

The problem I had (and Frederik too, I think) is that Openminds hosting is using an Nginx proxy/load balancer, so the code above doesn't work (I got an infinite loop because %{HTTPS} always seems to be off). I solved it by doing this:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Forcing your domain to www

I wanted to force "www" in front of my domain name too, so I don't have a "duplicate" domain name. This is what I used:

# rule for forcing www on main domain
RewriteCond %{HTTP_HOST} ^domainname\.be$ [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# rule for removing www on sub domains
# RewriteCond %{HTTP_HOST} ^www\.([^.]+\.domainname\.be)$ [NC]
# RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

Tweaking SSL settings

If you want, you can tweak some of your SSL settings, such as enabling only a strict set of ciphers. Whilst this is entirely optional, one tweak is recommended though: enabling HTTP Strict Transport Security. Add this line to your .htaccess file:

Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS

Conclusion

My website as an example: www.dobbelaere-ae.be. If you leave out the "www" you get 301 redirected to the www version. And if you try to visit the http version, you end up with the https version. Excellent.

Enjoy HTTPS and oh, take a look at all those benefits!
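The redirect loop described in the post above can be reproduced and checked offline. This is an added example, not code from the post or from Fork CMS: `backend` is a constructed model of Apache behind a TLS-terminating proxy that is assumed to pass the client's scheme in X-Forwarded-Proto, `audit` follows redirects by hand, and `www.example.test` is a placeholder host.

```python
from urllib.parse import urlsplit


def backend(url, rule):
    """Constructed model: Apache behind a TLS-terminating proxy.

    The proxy talks plain HTTP to Apache, so %{HTTPS} is "off" for every
    request; the client's scheme is assumed to arrive in X-Forwarded-Proto.
    Returns (status, location-or-None). Query strings are left out.
    """
    parts = urlsplit(url)
    https_var = "off"                 # what Apache sees behind the proxy
    forwarded_proto = parts.scheme    # header assumed to be set by the proxy
    if rule == "https-var":           # RewriteCond %{HTTPS} off
        redirect = https_var == "off"
    elif rule == "forwarded-proto":   # RewriteCond %{HTTP:X-Forwarded-Proto} !https
        redirect = forwarded_proto != "https"
    else:
        raise ValueError("unknown rule: " + rule)
    if redirect:
        # RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
        return 301, "https://" + parts.netloc + (parts.path or "/")
    return 200, None


def audit(start_url, fetch, max_hops=10):
    """Follow redirects one hop at a time and report a loop instead of hanging."""
    chain, url = [], start_url
    while len(chain) < max_hops:
        if url in chain:
            return {"result": "loop", "chain": chain + [url]}
        chain.append(url)
        status, location = fetch(url)
        if status not in (301, 302, 307, 308):
            ok = status == 200 and urlsplit(url).scheme == "https"
            return {"result": "ok" if ok else "insecure", "chain": chain}
        url = location
    return {"result": "too-many-hops", "chain": chain}


if __name__ == "__main__":
    for rule in ("https-var", "forwarded-proto"):
        report = audit("http://www.example.test/contact",
                       lambda u, r=rule: backend(u, r))
        print(rule, report["result"], " -> ".join(report["chain"]))
```

To check a live site, pass `audit` a `fetch` function that issues a real request without following redirects and returns the status and Location header.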

Maybe this is a very nice addition to the documentation!

I'll write it on my todo list :P

The forum is deprecated in favor of our Slack channel, which provides real-time support for your issues.

Join us on Slack here: https://fork-cms.herokuapp.com/