Post by squiz » Fri Aug 08, 2014 2:32 am

Hi All,

So Google just announced that they will be giving websites which use HTTPS on all pages a small ranking boost in the search engine. http://googlewebmastercentral.blogspot. ... ignal.html

We already have a SSL for the checkout pages etc which is all installed fine.

My question is how do I make it so that the whole website uses HTTPS? What is the fastest and cleanest way to do this?

Thank you

New member

Posts

Joined
Sun Aug 08, 2010 9:43 pm

Post by victorj » Fri Aug 08, 2014 4:11 am

Open config.php in root of site, and change all http to https
open config.php in folder admin and change all http to https

edit .htaccess and ad a rewrite rule just after Options +FollowSymlinks

Code: Select all

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R=301,L]

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by Dhaupin » Fri Aug 08, 2014 4:18 am

Yeah ht works too but stores/routing are so different, and its not easy for a common man to edit ht. Also some servers are not on linux or dont use apache. Its better to hit it at url.php.

You also need to worry about multistores which means it should be open to take form of any dynamic domain, "shipped" in OC. So if all attached entities are SSL enabeled, and you still need to use ht, the alternative (that works on any domain on any port for any route) is this:

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Last edited by Dhaupin on Fri Aug 08, 2014 4:56 am, edited 1 time in total.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by victorj » Fri Aug 08, 2014 4:35 am

the one i posted works on my server, the one you posted does not ;D

at least he now has 2 alternatives to try, there will always be one that works.

Just read post on google, interesting enough, just ordered a ssl for my site.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by Dhaupin » Fri Aug 08, 2014 4:53 am

Hah word. I didnt put the RewriteEngine On in my example, if thats why. Edited it to include it. Or it could just be that OC is touchy, combined with vast routing/server differences -- i rarely recommend using HT for this reason with OC if there is a software side fixola.

Does the vQmod above (or editing url.php) work for ya?

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by victorj » Fri Aug 08, 2014 5:03 am

yes it works, but not on first visit, ance a link is clicked it works, thats why i use a rewite rule on my server, each visit will be redirected to https when the enter the site.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by Dhaupin » Fri Aug 08, 2014 11:06 am

Amen i think the same thing my friend! Trying to figure that out in oc url.php with its redirect method, gonna try some stuff in a multi SSL multistore in like 2 hours when stuff calms down...we may be able to pull this off software layer for portability and transparency.

Dont get me wrong, im an HT kinda dude too, and your first suggestion is the most solid HT for bunches of stores :)

EDIT: tried it out, seems to preserve the single or multistores SSL/nonSSL settings nicely. A potential problem arises though with CKeditor putting in a hardline link to the base domain of the OC (like the one you admin on). So if a store 2,3, 4 share an info page, they need SSL img from a store 1 link, which may not have SSL -- lock breaker.

Also if you are using static/apps/media servers you should secure all their SSL else break your lock. To save costs think about 1 util subdomain like go.mybasedomain.com and use olde school subfolders and for all that extra stuff/apps/blogz...unlimited in 1 extra SSL.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by squiz » Fri Aug 08, 2014 5:01 pm

Thanks for the solutions!

Anyone thinking of doing this and who uses webmaster tools I would highly recommend following this guide https://support.google.com/webmasters/a ... ls_en_post and using the move website tool from Google. If you don't, I think you can loose your ranking while it recrawls the https website.

Thanks again

New member

Posts

Joined
Sun Aug 08, 2010 9:43 pm

Post by victorj » Fri Aug 08, 2014 6:07 pm

if you use the rewrite rule in your .htaccess, all incoming traffic will be redirected to the page they were sent to, but only http changes to https.
in addition a 301 is used telling google that the old url is replaced by new url.

so you wont lose any ranking, its just a matter of time and all urls will be replaced with the new https urls.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by squiz » Fri Aug 08, 2014 6:30 pm

Oh I see, ok awesome. Should be easy then

New member

Posts

Joined
Sun Aug 08, 2010 9:43 pm

Post by victorj » Fri Aug 08, 2014 7:01 pm

yes it is, yesterday evening, i purchesed a certificate for my second site, not for google, but dutch laws do requiere a certificate.
check out any product, change url back to http and you will be forwarded to same page but through https

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by sytra » Sat Aug 09, 2014 1:48 am

I have been following this thread and have taken on board the recommendations above, my site now works full SSL except the google feed is now messed up it has lost all its formatting and looks like this:

https://www.aislings.co.uk/ new in stock 24.99 GBP female adult new in stock 23.99 GBP female adult new in stock 36.99 GBP female adult new in stock 36.99 GBP female adult new in stock 29.99 GBP female adult new in stock 43.99 GBP

If we remove the SSL from all pages except the checkout etc it goes back to:
Untitled.jpg

Untitled.jpg (51.68 KiB) Viewed 5345 times

Any idea why?

Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk


Active Member

Posts

Joined
Sat Feb 04, 2012 6:27 am

Post by Dhaupin » Sat Aug 09, 2014 1:49 am

Ok i figured out what to change in the file manager to enable dynamic base urls for added media. So like when you go into edit a category and wanna put an image or banner in the description spot, the file manager will call it from //www.mysite.com/image/data/foo.jpg (notice a double slash).

By default, the file manager dumps only a http:// reference into Ckeditor which means in SSL mode it will break lock in those spots. This just removes it, or optionally you can uncomment the bottom to make it more hardcore either or.

Here is a vQ snippet - Moderatly tested this time :)

Code: Select all

<modification>

	<id><![CDATA[Adds dynamic src SSL support using a double slash. Optional strict http/https mode based on settings (not recommended).]]></id>
	<version><![CDATA[1.0.2]]></version>
	<vqmver><![CDATA[2.4.1]]></vqmver>
	<author><![CDATA[CreadevDotOrg]]></author>

	<file name="admin/controller/common/filemanager.php">

		<!-- relative //www.url.com as SSL media mode -->
		<operation info="make https conditional" error="log">
			<search position="replace"><![CDATA[
				$this->data['directory'] = HTTP_CATALOG . 'image/data/';
			]]></search>
			<add><![CDATA[
		if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
			$this->data['directory'] =  str_replace('https:', '', HTTPS_CATALOG) . 'image/data/';
		} else {
			$this->data['directory'] =  str_replace('http:', '', HTTP_CATALOG) . 'image/data/';
		}
			]]></add>
		</operation>

		<!-- strict http or https mode - careful this may cause future headaches for you
		<operation info="make https conditional">
			<search position="replace"><![CDATA[
				$this->data['directory'] = HTTP_CATALOG . 'image/data/';
			]]></search>
			<add><![CDATA[
		if (isset($this->request->server['HTTPS']) && (($this->request->server['HTTPS'] == 'on') || ($this->request->server['HTTPS'] == '1'))) {
			$this->data['directory'] = HTTPS_CATALOG . 'image/data/';
		} else {
			$this->data['directory'] = HTTP_CATALOG . 'image/data/';
		}
			]]></add>
		</operation> -->

	</file>

</modification>
Also, you should run a DB query to change anything in descriptions using src="http:// to just src="// but obviously do a backup first. Have fun all!

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by cwswebdesign » Sat Aug 09, 2014 2:03 am

Be careful to not break the functionality of your site over this. So far, I've only seen that HTTPS will have a very small effect on your rankings and to me, it isn't clear if the SSL just has to be present for selected pages or the entire site.

DL

This account is inactive. Look for us under the name 'EvolveWebHosting' and contact us under that username.

Thanks!


User avatar
Active Member

Posts

Joined
Sun Dec 11, 2011 12:26 am
Location - USA

Post by Dhaupin » Sat Aug 09, 2014 2:15 am

cwswebdesign wrote:Be careful to not break the functionality of your site over this. So far, I've only seen that HTTPS will have a very small effect on your rankings and to me, it isn't clear if the SSL just has to be present for selected pages or the entire site.
I think they expect it everywhere. And generally everything now besides content has a very small effect on ranking since there are many hundreds of ranking facets.

Google has been full SSL on everything since 2010, released the SSL overclocking docs in preperation for more net load on hosts, and they say dont block them from ssl anything (like with robots). Besides ranking, its the de-facto now - more and more people are used to seeing the lock everywhere. Even for sites that dont need it everywhere like enterprise wordpress blogs with no "account" features, its seen all pages.

EDIT: Speaking of breaking things, another quirk -- if you use shared multistore sessions, all the multistores must be SSL too else the js wont work.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by Dhaupin » Sat Aug 09, 2014 2:52 am

sytra wrote:I have been following this thread and have taken on board the recommendations above, my site now works full SSL except the google feed is now messed up.... If we remove the SSL from all pages except the checkout etc ...it goes back, Any idea why?
Is it loading a CSS or JS or something via non-ssl? If so, the browser is prob denying it. Look at the source with and without SSL, its prob the same. Try this out to check for non-ssl elements being blocked:
http://forum.opencart.com/viewtopic.php ... 11#p510402

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by sytra » Sat Aug 09, 2014 3:07 am

Dhaupin wrote: Is it loading a CSS or JS or something via non-ssl? If so, the browser is prob denying it. Look at the source with and without SSL, its prob the same. Try this out to check for non-ssl elements being blocked:
http://forum.opencart.com/viewtopic.php ... 11#p510402
Hi, tried that and nothing shows up, the feed is one of UKSB's however I think they have now stopped doing it so will look at buying another one in the near future and give it a go again then.

Running OC 1.5.5.1 with vqmods.
http://www.aislings.co.uk
http://www.lovers-paradise-toys.co.uk


Active Member

Posts

Joined
Sat Feb 04, 2012 6:27 am

Post by Dhaupin » Sat Aug 09, 2014 7:38 am

sytra wrote:Hi, tried that and nothing shows up, the feed is one of UKSB's however I think they have now stopped doing it so will look at buying another one in the near future and give it a go again then.
Ah i see. Last thought: before you switch up feed mods, run it through your destination in a test both ways. Even if they dont look the same it could be the same code. Im theorizing if something or your browser putting off the style -- if its blocked cause of non-ssl request, you will prob see raw XML in single lines, non tabbed non linebroken (minified). As long as bots can pull the data all the same, it doesnt matter how pretty it looks :)

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by Dhaupin » Sat Aug 09, 2014 8:33 am

Hah so i went to go edit off the experimental part of the initial simple mod and it seems to have disappeared?

Can someone explain why the vQ for url.php was removed? Does it not work? I normally wouldnt touch system/engine but its had to be pliable. Currently running it live with 5 SSL multistores on a ton of mods since the post and it seems to function perfectly, with proper propagation as well as non-ssl fallbacks....everything you would need for a server agnostic SSL-always asset override.....its feeding SSL maps/feed, gracefully pulling off other non SSL multistores....please share wrong-doing...

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by Dhaupin » Fri Aug 15, 2014 7:48 am

Im gonna assume the fix was deleted because it goes against the grain of MCV even though there is no grain :) If anyone needs the SSL-EVERYWHERE vQmod for OC, you can hit me up at dhaupin at creadev dawt org.

A week later Google has indexed our entire site and all multistores as https, is showing it in SERPs with a prefix. In addition to the above thoughts about forcing https, google recommends NOT using htaccess for this. They recommend instead we should send a header to avoid too much redirecting. The best place to do this is in index.php and here is what it looks like, httpsmode for a year. The max-age acts like a cache -- for testing, set it to 5 seconds:

Code: Select all

$response->addHeader('Strict-Transport-Security: max-age=31536000');
Yes another scary thing to edit, something we arent suppost to do. You know what? If it works it works. Thanks and have fun all!

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA
Who is online

Users browsing this forum: No registered users and 27 guests