• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.
How To Implement SSL To Secure HTTP Traffic (HTTPS)

How To Implement SSL To Secure HTTP Traffic (HTTPS)

Donny

Active member
#41
I'm setting up all new sites as https but am worried about established older sites. What has changing your forums over to https done with regards to your adsense? perhaps most recently @CyclingTribe ?
 

CTXMedia

Formerly CyclingTribe
#42
I'm setting up all new sites as https but am worried about established older sites. What has changing your forums over to https done with regards to your adsense? perhaps most recently @CyclingTribe ?
Nothing dramatic - thankfully. It's not easy to tell as this is our slowest time of year for revenue, so a slight dip may or may not be associated with the switch, but certainly not enough to cause any major concern - especially considering our site is being completely reindexed. (y)

The reindexing began very quickly and we seem to have retained our backlinks in Google Search Console, which is good. I've also modified all the redirects from various other domains that I had pointing at CycleChat and additionally forced the primary (non-www) domain to redirect to www so that everything now 301 redirects to https://www.cyclechat.net/ - which has tidied things up quite a bit.

I must admit to having some reservations myself, especially with regards to revenue, but everything seems to have gone pretty smoothly. :)
 
Last edited:

Betclever

Active member
#43
Firstly, thanks Brogan for this tuto. Very useful!

I have an issue since I moved to HTTPS...

https://gyazo.com/b97c99f8939c33110ad7ddc721bcd2fd

I don't see the padlock but it is normal because of the link which is not correct.
In fact, it must be https://bet-clever.com/forum/nhl.26/ (or something with a thread) instead of https://bet-clever.comsujet/

I have this issue with a lof of old links.

Here is my .htaccess rules:

RewriteEngine On

RewriteCond %{HTTP_HOST} www.bet-clever.com$
RewriteRule ^(.*)$ https://bet-clever.com$1 [R=301,L]

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Anyway, the rest is ok, everything is fine but I would like to solve those 2 issues...

What's wrong please?

Thanks.
 
Last edited:

Donny

Active member
#44
That's bad for rankings because google would assume that it's duplicate content.

https://ahrefs.com/blog/ssl/
Nothing dramatic - thankfully. It's not easy to tell as this is our slowest time of year for revenue, so a slight dip may or may not be associated with the switch, but certainly no enough to cause any major concern - especially considering our site is being completely reindexed. (y)

The reindexing began very quickly and we seem to have retained our backlinks in Google Search Console, which is good. I've also modified all the redirects from various other domains that I had pointing at CycleChat and additionally forced the primary (non-www) domain to redirect to www so that everything now 301 redirects to https://www.cyclechat.net/ - which has tidied things up quite a bit.

I must admit to having some reservations myself, especially with regards to revenue, but everything seems to have gone pretty smoothly. :)
That's exactly what I needed to hear. I'm assuming most advertisers that are selling something I assume have HTTPS thesmelves anyway. Some of my sites have quite a lot of advertisers advertising services though (so no online store, just contact info and online price lists etc) so I'm wondering if their non-HTTPS sites would affect my CPC much. I'd hope Google would appreciate my efforts and sort me out with some blue-chip replacements and double my CPC ha (he wishes).
 
#45
...and if you are getting security errors (incomplete encryption) in your address bar, you can locate the offending part of your site by using Firefox, go into Tools/Web Developer/Web Console, and hit F5 to reload your page. Any SSL errors will show up in red in the Web Console.
 

Martok

Well-known member
#46

Live Free

Active member
#48
I make the upgrade to SSL last night. It was a longer night than I anticipated :p. I still need to update some of peripherals in this guide, but I am experiencing two major issues I was hoping someone might be able to help shed some light on.

  • Broken navigation on mobile (vertical view not horizontal)
IMG_2782.PNG IMG_2783.PNG

Normally I'd dig in an Inspect Element/View Console but I don't know how to examine the issues on a mobile device.
  • One user reported being unable to post via Safari
I tested Safari on my machine and was able to post, as one another member.

Any suggestions on what to look into?
 

Brogan

XenForo moderator
Staff member
#49
The layout issues won't have anything to do with switching to https.

For the posting issue, if it only affects one member, it's going to be something local to them such as browser caching.
 

Live Free

Active member
#50
The layout issues won't have anything to do with switching to https.

For the posting issue, if it only affects one member, it's going to be something local to them such as browser caching.
The layout issue wasn't there yesterday before the https switch. :/

I'll try to gather additional information on Safari, see if anyone else reports it.

Edit: Safari is broken on my mobile browser also. Post buttons there but no field.

IMG_2785.PNG

IMG_2786.PNG

Edit: @Brogan both the design and Safari issues seemed to relate to cache/cookies that references http, after getting the users to clear them the issues were resolved.

I do have a couple other questions if you don't mind.
 
Last edited:
#51
This article on page 1 gave me exactly the items I needed to resolve mixed content errors in the browser. I already had the Apache items done and needed the xenforo specific items
 
#52
I have the following rewrite rule:
Code:
RewriteEngine On

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteRule t([\d]+)-([\d]+)/ showthread.php?t=$1&page=$2 [NC,L]
RewriteRule t([\d]+)/ showthread.php?t=$1 [NC,L]
RewriteRule f([\d]+)-([\d]+)/ forumdisplay.php?f=$1&page=$2 [NC,L]
RewriteRule f([\d]+)/ forumdisplay.php?f=$1 [NC,L]

RewriteRule ^home/(.*)$ index.php$1 [R=301,L]
RewriteRule ^tags.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^blog.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^forum.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^entry.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^usercp.php(.*)$ account/$1 [R=301,L]
RewriteRule ^group.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^showgroups.php(.*)$ online/$1 [R=301,L]
RewriteRule ^calendar.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^memberlist.php(.*)$ members/$1 [R=301,L]
RewriteRule ^private.php(.*)$ conversations/$1 [R=301,L]
RewriteRule ^external.php(.*)$ forums/-/index.rss$1 [R=301,L]
and seems conflicting with Force HTTPS:
Code:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Please advise. Thank you.
 
#53
I have the following rewrite rule:
Code:
RewriteEngine On

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

RewriteRule t([\d]+)-([\d]+)/ showthread.php?t=$1&page=$2 [NC,L]
RewriteRule t([\d]+)/ showthread.php?t=$1 [NC,L]
RewriteRule f([\d]+)-([\d]+)/ forumdisplay.php?f=$1&page=$2 [NC,L]
RewriteRule f([\d]+)/ forumdisplay.php?f=$1 [NC,L]

RewriteRule ^home/(.*)$ index.php$1 [R=301,L]
RewriteRule ^tags.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^blog.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^forum.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^entry.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^usercp.php(.*)$ account/$1 [R=301,L]
RewriteRule ^group.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^showgroups.php(.*)$ online/$1 [R=301,L]
RewriteRule ^calendar.php(.*)$ index.php$1 [R=301,L]
RewriteRule ^memberlist.php(.*)$ members/$1 [R=301,L]
RewriteRule ^private.php(.*)$ conversations/$1 [R=301,L]
RewriteRule ^external.php(.*)$ forums/-/index.rss$1 [R=301,L]
and seems conflicting with Force HTTPS:
Code:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Please advise. Thank you.

You do not need the individual pages rewrites - here is my re-write config along with the settings with the Admin control panel settings at the first page of this thread

Code:
    RequestHeader set X-Forwarded-Proto "http"
     RewriteEngine On
     RewriteCond %{HTTP:X-Forwarded-Proto} !https
     RewriteCond %{HTTPS} off
     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
 

Chad

Active member
#54
You do not need the individual pages rewrites - here is my re-write config along with the settings with the Admin control panel settings at the first page of this thread

Code:
    RequestHeader set X-Forwarded-Proto "http"
     RewriteEngine On
     RewriteCond %{HTTP:X-Forwarded-Proto} !https
     RewriteCond %{HTTPS} off
     RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
I tried your method, and the conversation drop down menu is now blank and extended vertically. I cannot access Conversations area either via the profile drop down link. Just refreshes homepage.

.htaccess

Code:
RequestHeader set X-Forwarded-Proto "http"
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

RewriteCond %{HTTP_HOST} !^www\.talkjesus\.com$
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteRule ^[^/]+/([0-9]+)-[^\.]+\.html$ /index.php?threads/$1/ [R=301,L]

   
#    Mod_security can interfere with uploading of content such as attachments. If you
#    cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
#    SecFilterEngine Off
#    SecFilterScanPOST Off
#</IfModule>

## EXPIRES CACHING ##
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 year"
    ExpiresByType image/jpeg "access 1 year"
    ExpiresByType image/gif "access 1 year"
    ExpiresByType image/png "access 1 year"
    ExpiresByType text/css "access 1 month"
    ExpiresByType text/html "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType text/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##

Header unset Pragma
FileETag None
Header unset ETag

<IfModule mod_gzip.c>
    mod_gzip_on Yes
    mod_gzip_dechunk Yes
    mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
    mod_gzip_item_include handler ^cgi-script$
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/x-javascript.*
    mod_gzip_item_exclude mime ^image/.*
    mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

<IfModule mod_deflate.c>
# Compress HTML, CSS, JavaScript, Text, XML and fonts
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
    AddOutputFilterByType DEFLATE application/x-font
    AddOutputFilterByType DEFLATE application/x-font-opentype
    AddOutputFilterByType DEFLATE application/x-font-otf
    AddOutputFilterByType DEFLATE application/x-font-truetype
    AddOutputFilterByType DEFLATE application/x-font-ttf
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE font/opentype
    AddOutputFilterByType DEFLATE font/otf
    AddOutputFilterByType DEFLATE font/ttf
    AddOutputFilterByType DEFLATE image/svg+xml
    AddOutputFilterByType DEFLATE image/x-icon
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/javascript
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml

    # Remove browser bugs (only needed for really old browsers)
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
    Header append Vary User-Agent
</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 500 default

<IfModule mod_rewrite.c>
    RewriteEngine On

    #    If you are having problems with the rewrite rules, remove the "#" from the
    #    line that begins "RewriteBase" below. You will also have to change the path
    #    of the rewrite to reflect the path to your XenForo installation.
    #RewriteBase /

    #    This line may be needed to enable WebDAV editing with PHP as a CGI.
    #RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -l [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteRule ^.*$ - [NC,L]

    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
   
    RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
    RewriteCond %{REQUEST_URI} !^/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
    RewriteRule ^.*$ index.php [NC,L]
</IfModule>

<Files 403.shtml>
    order allow,deny
    allow from all
</Files>

# php -- BEGIN cPanel-generated handler, do not edit
# This domain inherits the “PHP” package.
# php -- END cPanel-generated handler, do not edit
 
#55
how about litespeed instead of apache ?
is this correct?
Code:
rewriteCond %{HTTPS} !on
rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
 
#59
Just followed the guide for a new site of mine and I think it's working as it should. Anyone care to double-check?

https://www.nbagoat.com

I use URLJet for my webhost and when I went into the CPanel, they apparently automatically issue a SSL cert when you add the domain so it was already sitting there waiting for me to use.
 
Last edited: