How To Implement SSL To Secure HTTP Traffic (HTTPS)

How To Implement SSL To Secure HTTP Traffic (HTTPS)

Laron

Member
Interesting, let e know if you find a solution.
Found one.

So I left the .htaccess file alone as no matter what I tried I ran into issues.

I noticed an interesting and helpful option in Xenforo that I didn't see the other 50 times I've looked at that screen. It's probably a feature of 2.0.

fixed.jpg

It sits below the Board URL field under Basic board information. (I ticked it)
 

HomerJ

Member
Am I correct in thinking that if I use Cloudflare to force the first request to https - then I don't need the additional rewrite code in the root .htaccess folder?

I discovered a weird issue while migrating to XF last night: When I had Cloudflare enabled and added the extra 2 lines in the .htaccess - the site would get stuck in an infinite redirect loop. This could have just been a Cloudflare caching issue perhaps, I'm going to wait til the weekend to experiment further.
 

eva2000

Well-known member
Am I correct in thinking that if I use Cloudflare to force the first request to https - then I don't need the additional rewrite code in the root .htaccess folder?

I discovered a weird issue while migrating to XF last night: When I had Cloudflare enabled and added the extra 2 lines in the .htaccess - the site would get stuck in an infinite redirect loop. This could have just been a Cloudflare caching issue perhaps, I'm going to wait til the weekend to experiment further.
if you use cloudflare and have always use https enabled and auto rewrite http to https, then no need for .htaccess redirects for non-https to https

edit: fyi, cloudflare has community support forum at https://community.cloudflare.com/ as well so if you have cloudflare specific issues, you can ask there too
 
Last edited:

tourmeister

Active member
I am about to move my vB forum to a new server and upgrade it to XF2. Part of that process is setting up the SSL. I also have two static html content websites on the server with their own domains. For those, I simply created a new .htaccess file and added the following,

RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I have no idea what that means or how it works, but it does. I got it from here. Both of the static sites now have https working (sfriday.com and backroadmotorcycletours.com). Unlike my forum, people visiting those sites enter at the top level directory like,

/home/user/public_html/index.htm

and that is the directory where I put the .htaccess file for those sites. However, my forum will be located in,

/home/forumuser/public_html/forums/index.php

I've not yet transferred my domain to the new IP address on the new server. I have been accessing my XF test site just using http://IP address/ and there has been a redirect in place that moves me from the /public_html straight to the /forums/index.php. A friend set it up for me, so again I have no clue what it does or how.

RewriteOptions inherit

RewriteEngine on
RewriteCond %{HTTP_HOST} ^.*$
RewriteRule ^(.*)$ "http\:\/\/192\.232\.203\.64\/forums\/index\.php$1" [R=301,L]
That .htaccess file sits in the /public_html directory (which is currently password protected). The redirect is there because at this time I don't have a homepage, but plan to add one later. There is also a .htaccess file in the /forums directory,

# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>

ErrorDocument 401 default
ErrorDocument 403 default
ErrorDocument 404 default
ErrorDocument 405 default
ErrorDocument 406 default
ErrorDocument 500 default
ErrorDocument 501 default
ErrorDocument 503 default

<IfModule mod_rewrite.c>
RewriteEngine On

# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
</IfModule>
I am sorry this is long, but want to make sure you see what I have. My question is this, do I need to add the https stuff from the How To I linked to above to BOTH of the .htaccess files or just one? If only one, which one?

After I get my domain name pointed to the new IP address on the new server, I will need to change both/one of the .htaccess files to replace the IP with the domain name to keep that redirect working so people land on the forum index page. I have no idea how that needs to be done. I am not an IT person and this is all pretty new to me. I don't know if one .htaccess file dominates others based on its location in the directory structure or if they all work independently.

Also, there is the XF redirect add on that will be added so all my old links work. Do I need to do anything special because of that or just install the mod and forget about it?

Thanks.
 

boeing747

Member
Thank you for this complete instruction.
I have a problem and its related to users content, so I don't know how to deal with.

In some threads, there are lots of images or urls from different upload centers that dont use SSL. so I get mixed content error.

what should I do in this case?
 

ozzy47

Well-known member
Image Proxy:

If embedding images from remote servers in posts is permitted, then the Image Proxy must be enabled.
If it is not, mixed content warnings will be produced when loading a page with an embedded image from a URL which is not HTTPS.
It can be enabled in the ACP -> Options -> Messages -> Image and Link Proxy: Proxy Images.
Further information regarding the feature is available here: XF 1.3 - EXIF Rotation, ACP Searching, Proxying and Change Logging
 
Top