Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2016-06-08 09:12:56

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

rewrite http to https

I have, miraculously, after a few scares, successfully setup SSL certs on CSF properties with WebFaction using LetsEncrypt. /big applause/

Now I’m cleaning up the lose ends…

I want to redirect any calls to http to https. I’ve found this but have no idea if it’s right or safe:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

But I was also wondering if that could be combined with the Class B redirecting for “www” too in a single statement, or is it okay to just stack different rules?

Offline

#2 2016-06-08 09:21:33

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: rewrite http to https

Hi Destry,

Good that you got it working. Have a look here and here in the HTML5 Boilerplate .htaccess for tried-and-tested ways of doing https redirects.


TXP Builders – finely-crafted code, design and txp

Offline

#3 2016-06-08 09:26:28

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

Sweet. Thanks. Looks like option 1 from your second link is the meal ticket:

RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ %{ENV:PROTO}://%1%{REQUEST_URI} [R=301,L]

I’ll throw those into the .htaccess soup and see what floats.

Offline

#4 2016-06-08 09:29:48

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

Btw, if anyone would like a tutorial on the LE certs with WebFaction, let me know. I have a knack for taking developer notes and making then 10x more understandable after wrestling through the process myself. ;)

Offline

#5 2016-06-08 09:49:38

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

Hmm… those HTML5 boilerplate rules didn’t work, neither for redirecting www calls, nor for http calls. The www calls got thrown into an endless redirect loop. The http calls didn’t do anything but just go to http URLs. I have a feeling it has something to do with their %{ENV:PROTO} variable, but I couldn’t really say.

Went back to the default Class B rules and that works again flawlessly.

## OLD (reliable) -- Class B redirection (no "www")
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Still in need of the http fix.

Offline

#6 2016-06-08 09:59:23

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

Apache recommends this method for http to https, specifically.

Offline

#7 2016-06-08 10:11:13

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,448
Website GitHub

Re: rewrite http to https

Destry wrote #299616:

if anyone would like a tutorial on the LE certs

And as an aside, if anyone would like a hassle-free way to set up LE certs on their own hosting system, I heartily recommend certbot.eff.org/. It has a wizard that handles setup, including configuring cron for automatic renewal of certs. Been running like a dream on my host for a few weeks now.

Props go to Pete Cooper who’s my digital pusher, keeping his ear to the ground and feeding me with awesome scripts and tools that make hosting incrementally simpler.


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Online

#8 2016-06-08 10:23:39

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

CertBot looks cool. I went with something similar, I think; a tute I found that uses acme.sh, a pure-shell implementation of Automated Certificate Management Environment (ACME). It creates a .acme.sh directory and auto-organizes the resulting certs into sub-folders by domain name, and auto-renews the LetsEncrypt certs when due. Only pain with WebFaction is you have to involve them initially to activate the certs, but it’s just a support ticket and quick turn-around.

Half the battle for me was understanding the tutorial to begin with. But walking through it all did allow me to discover I had CNAME records setup wrong. Now the sun shines…

Except I can’t access virtual hosts file for this darn http redirect.

Looks like it’s the .htaccess approach after all.

Offline

#9 2016-06-08 10:31:13

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: rewrite http to https

Destry wrote #299617:

Hmm… those HTML5 boilerplate rules didn’t work … I have a feeling it has something to do with their %{ENV:PROTO} variable, but I couldn’t really say.

For that I believe you need the couple of lines from the first link above (e.g. lines 338-341) which sets that to use which protocol is available but if you want to force it, you could simply replace %{ENV:PROTO} with https.


TXP Builders – finely-crafted code, design and txp

Offline

#10 2016-06-08 10:33:03

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

Aw, I see. I should have looked closer. When Jakob gives you two links, there’s a reason. ;)

Offline

#11 2016-06-08 11:40:46

jakob
Admin
From: Germany
Registered: 2005-01-20
Posts: 4,726
Website

Re: rewrite http to https

It means I’m not sure myself, but happened to see both ;-)


TXP Builders – finely-crafted code, design and txp

Offline

#12 2016-06-08 11:52:41

Destry
Member
From: Haut-Rhin
Registered: 2004-08-04
Posts: 4,909
Website

Re: rewrite http to https

It doesn’t seem to work either way; trying a http call just opens the call without difference. No redirection at all to https.

Trying these rules does attempt to redirect it, but throws an error:

The page isn’t redirecting properly

Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

This problem can sometimes be caused by disabling or refusing to accept cookies.

I’m accepting cookies so the cookie thing isn’t the problem.

Looks like I’ll have to open another WF ticket.

Btw, anyone following along at home can have fun too. Ideally, any call to either of these:

  • http://csf.community
  • http://www.csf.community
  • https://www.csf.community

Should redirect to this:

  • https://csf.community

But it seems to be a hard thing to achieve, or I have a config problem somewhere.

As it is now, using the regular Class B redirect rules (no www) with no http redirection:

RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

Calls will go like this:

  • http://csf.community —> same
  • https://csf.community —> same
  • http://www.csf.community —> http://csf.community/
  • https://www.csf.community —> http://csf.community

That fourth case is odd, I would have at least expected it to go to https://csf.community

Last edited by Destry (2016-06-08 12:05:27)

Offline

Board footer

Powered by FluxBB