Post by winter » Mon Mar 20, 2017 10:48 pm

Hi there,

I've read a bunch of posts regarding this but I'm still a little confused. I would like all the pages of my webshop secure.
I am running Open Cart 2 and only get the secure padlock when
My files look as the following:-

root folder config.php
// HTTP
define('HTTP_SERVER', 'http://www.winter-light.nl/store/');

// HTTPS
define('HTTPS_SERVER', 'https://www.winter-light.nl/store/');

Admin config.php
// HTTP
define('HTTP_SERVER', 'http://www.winter-light.nl/store/admin/');
define('HTTP_CATALOG', 'http://www.winter-light.nl/store/');

// HTTPS
define('HTTPS_SERVER', 'https://www.winter-light.nl/admin/');
define('HTTPS_CATALOG', 'https://www.winter-light.nl/');

.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /store/
RewriteCond %{HTTP_HOST} !^www
RewriteRule ^(.*)$ http://www.winter-light.nl/store/$1 [R=301,L]

Can someone please advise. Many thanks

Mark
Last edited by winter on Tue May 14, 2019 5:47 pm, edited 5 times in total.

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by Qphoria » Tue Mar 21, 2017 12:48 am

So by default, generic pages like product pages, categories, home page, etc are loading over normal http://
Secure pages like account, checkout, etc are loaded over https://
So you see in your config.php there is a HTTP and an HTTPS section which are relative to that design.

If you want all pages to load over https, then simply set https:// for both HTTP_SERVER and HTTPS_SERVER.
Do the same in admin/config.php

As far as the htaccess... you will want to redirect any non-secure calls to the secure version automatically
Try this one https://www.ndchost.com/wiki/apache/red ... p-to-https

Image


User avatar
Administrator

Posts

Joined
Tue Jul 22, 2008 3:02 am

Post by winter » Tue Mar 21, 2017 1:33 am

Thanks for your response.

At the moment it is not automatically securing checkout, account etc.

Should this code in your link replace current code in .htaccess?

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

Does this sit under the <IfModule mod_ .... section?

Thanks again for the assistance.

Grtz,
Mark

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by winter » Tue Mar 21, 2017 9:26 pm

Bumpetty bump. :crazy:

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by sculptex » Wed Mar 22, 2017 2:57 am

The htaccess changes are just if someone enters your url without the https to redirect it, you need to change all instances of http to https in both root and admins config.php plus settings then all internal links and pages generated will be https automatically.

ImageImage


User avatar
Active Member

Posts

Joined
Tue Sep 13, 2011 3:07 am
Location - UK

Post by winter » Wed Mar 22, 2017 2:45 pm

Hi there,

Thanks for the response.
I have set all instances of http to https in both config files for server and catalogue.
All internal links are edited for https.
By settings, I presume you mean the system>settings>store>SSL to yes, which I have done.
Cleared browser cache and still not all pages are loading as HTTPS
When I change the root folder config to this I cannot add items to the shopping cart:-

// HTTP
define('HTTP_SERVER', 'https://www.winter-light.nl/store/');

I'm stumped as to what I have not done correctly to be honest.
Any further pointers would be very helpful.

Thanks in advance.

Mark

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by sculptex » Wed Mar 22, 2017 5:30 pm

Okay, I've looked at your store. There seems to be and instance at the root and in the store subfolder. What structure exactly do you want? Is that htaccess in root or store folder? I prefer putting HTTPS redirect before rewritebase unless there's a reason you want some of site non-ssl.

ImageImage


User avatar
Active Member

Posts

Joined
Tue Sep 13, 2011 3:07 am
Location - UK

Post by winter » Wed Mar 22, 2017 7:47 pm

Thanks for your patience.

What I would like is all pages secure and to redirect http to secure https.
I have read that this may slow down loading etc but I think with a webshop people want to fill safe when logged in.
I have an .htaccess file in the root folder with all the code on and another in the store folder which appears to be for informational purposes.

Thanks again.

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by sculptex » Thu Mar 23, 2017 4:07 am

I still don't understand. Most of the rules point to the store folder which you say is just the catalog?
So if the main store is in root folder, concentrate on just .htaccess in root folder and dont worry about subfolders until you get root folder one working.
If you want all pages on website (regardless of subfolder or not) to be preceded by www. or all pages to be made to use https then you create those rules at the top before any RewriteBase is declared.
So to get root store correct, get rid of all instances of /store in root .htaccess as its just confusing things.
RewriteBase /store/
Means every rule from there relates to that subfolder so change that to
RewriteBase /
and get rid of /store in RewriteRule and all references in config and admin aswell.

This should fix store in root folder?

ImageImage


User avatar
Active Member

Posts

Joined
Tue Sep 13, 2011 3:07 am
Location - UK

Post by victorj » Thu Mar 23, 2017 4:14 am

dutch tutorial on how to have entire shop running ssl
http://forum.opencart.com/viewtopic.php ... 6c9825e1e0

Bold assumtion you can read that

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by winter » Thu Mar 23, 2017 4:55 am

Bedankt Victorj - ik ga even kijken!

Grtz,
Mark

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by victorj » Thu Mar 23, 2017 4:58 am

winter wrote:
Thu Mar 23, 2017 4:55 am
Bedankt Victorj - ik ga even kijken!
Ik zie dat alles is voor 1.5.

Werkt het ook met 2.0?

Grtz,
Mark
Wist wel dat je ook nl kon lezen.
iets verder lezen, oc 2.x werkt feitelijk hetzelfde, anders als je er niet uitkomt neem je maar contact op.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by winter » Thu Mar 23, 2017 4:03 pm

@ sculptex - thanks for your response and patience.

Open Cart cart is installed in the following folder - public_html>store, so all of the OC 2.2 files sit in the store map. The .htaccess file sits in the public_html folder.

"So to get root store correct, get rid of all instances of /store in root .htaccess as its just confusing things."

Currently .htaccess looks as this:-
####SUBDOMAINS_HEADER####
RewriteEngine on
#RULE:,winter-light.nl,/store/
#RULE:www,winter-light.nl,/store/
RewriteCond %{HTTP_HOST} ^winter-light.nl$
RewriteCond %{REQUEST_URI} !^/store//
RewriteRule (.*) /store//$1 [last]
RewriteCond %{HTTP_HOST} ^www.winter-light.nl$
RewriteCond %{REQUEST_URI} !^/store//
RewriteRule (.*) /store//$1 [last]
####SUBDOMAINS_TAILER####

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /store/
RewriteCond %{HTTP_HOST} !^www
RewriteRule ^(.*)$ http://www.winter-light.nl/store/$1 [R=301,L]

What lines do I have to edit or delete?
Thanks

Mark
Last edited by winter on Thu Mar 23, 2017 4:27 pm, edited 1 time in total.

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by victorj » Thu Mar 23, 2017 4:24 pm

https://www.whynopadlock.com/

Server heeft een error

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com


User avatar
Expert Member

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by winter » Thu Mar 23, 2017 5:24 pm

Met deze bedoel je Victor?

Insecure <form> call.
Found on line # 300 in file: www.winter-light.nl/index.html

Insecure <form> call.
Found on line # 343 in file: www.winter-light.nl/index.html

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by sculptex » Fri Mar 24, 2017 8:36 pm

.htaccess in store folder (keep any other stuff in there such as prevent directory listing etc.)

Code: Select all

RewriteEngine On

# Add www. preserve http(s)
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www\.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force https
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

RewriteBase /store/
# The the usual Opencart stuff
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
in root folder

Code: Select all

RewriteEngine On

# Add www. preserve http(s)
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www\.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Force https
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]

ImageImage


User avatar
Active Member

Posts

Joined
Tue Sep 13, 2011 3:07 am
Location - UK

Post by winter » Fri Mar 24, 2017 11:35 pm

Thanks for the response sculptex.

It would seem that there is a bug also in 2.2 which does not make the version fully SSL compatible.
I have seen a link for a workaround but will try to sort out the .htaccess file first.
My update to 2.3 did not work so a little frustrating to say the least.
Theme is not compatible with 2.3 :crazy:

New member

Posts

Joined
Wed May 16, 2012 6:10 pm

Post by artcore » Sat Mar 25, 2017 1:51 am

I also ran into an issue putting a 2.2.0.0 on ssl. Couldn't login into admin nor frontend.
Below solved it for me:

system/library/url.php

Code: Select all

if ($this->ssl && $secure) {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		} else {
			$url = 'http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		}
changed to (One 's' added but for context):

Code: Select all

if ($this->ssl && $secure) {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		} else {
			$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
		}
There are other ways, but this is quick fix

Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+ ;D

Thanks!


User avatar
Active Member

Posts

Joined
Tue Jul 09, 2013 4:13 am
Location - The Netherlands

Post by jenifferhomes » Sun Mar 26, 2017 4:38 pm

you need to change all instances of http to https in both root and admins config.php plus settings then all internal links

Thanks
website
"Opencart is the best of all" :-*


Newbie

Posts

Joined
Mon Jun 13, 2016 4:08 pm
Location - uk

Post by artcore » Sun Mar 26, 2017 5:59 pm

There's only a few steps to take:

- change both config.php files: HTTPS_SERVER entry, http->https. Should be default config for opencart.

Code: Select all

// HTTPS
define('HTTPS_SERVER', 'https://yourdomain.tld');
Admin->settings>store check SSL

Important but often forgotten, change your htaccess to redirect to non-www AND https if not entered/clicked from google by the visitor. This will also make sure the fonts are loaded and ajax + api callls work as intended

Code: Select all

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*) https://yourdomain.tld%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
RewriteBase is the relative folder where you installed the shop.

For OC2.2.0.0 use above fix for url.php as well.

Make sure images in stylesheets for instance are not hard coded to use http without 's'. Same for images in product description and information pages.

Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+ ;D

Thanks!


User avatar
Active Member

Posts

Joined
Tue Jul 09, 2013 4:13 am
Location - The Netherlands
Who is online

Users browsing this forum: No registered users and 59 guests