AWS + Full Session HTTPS

[popowich]

With the Chrome warnings starting to roll out, I'm wondering if anyone else has moved their xenforo from http to https using a free certificate hosted on an ELB with an ec2 running http.

Any thoughts, how-to, guide, gotchas, any related experience and things to look out for?

I get I'll probably need to permanent redirect my site to https using .htaccess.

Do any configs within xenforo need to be updated?

I'm interested in anything SEO to keep in mind too. Expect any temporary pain with Adsense etc?

 

[Chromaniac]

turn on the image proxy for hotlinked images.
xenforo backend has one option where you have to update the url. i don't remember if the config file has url settings.
other than that, google is usually smart about http to https migration. they are the ones pushing for it.

 

[popowich]

For my site, hosted in AWS as described above, the standard .htaccess based "force https" caused redirect loops.

The fix that seems to be working was the combination of updating the site URL (Options -> Basic Board Information) AND adding the follow line to the end of my config.php (source)

// Force HTTPS
$_SERVER['HTTPS'] = 'on';

A bonus perk of this solution is that it's Xenforo specific, allowing me to go fix some wordpress sites sitting in folders one at a time.

 

[popowich]

Double checking I noticed I still need to figure out the .htaccess too since going directly to an http link isn't getting automatically redirected.

Update: These lines added above the Xenforo part of htaccess works for an EC2 listening on port 80 behind an ELB handling the HTTPS

# Force the site to https
RewriteCond %{HTTP:X-Forwarded-Proto} ^http$
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# end force site to https