I've read a bunch of posts regarding this but I'm still a little confused. I would like all the pages of my webshop secure.
I am running Open Cart 2 and only get the secure padlock when
My files look as the following:-
root folder config.php
// HTTP
define('HTTP_SERVER', 'http://www.winter-light.nl/store/');
// HTTPS
define('HTTPS_SERVER', 'https://www.winter-light.nl/store/');
Admin config.php
// HTTP
define('HTTP_SERVER', 'http://www.winter-light.nl/store/admin/');
define('HTTP_CATALOG', 'http://www.winter-light.nl/store/');
// HTTPS
define('HTTPS_SERVER', 'https://www.winter-light.nl/admin/');
define('HTTPS_CATALOG', 'https://www.winter-light.nl/');
.htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /store/
RewriteCond %{HTTP_HOST} !^www
RewriteRule ^(.*)$ http://www.winter-light.nl/store/$1 [R=301,L]
Can someone please advise. Many thanks
Mark
Secure pages like account, checkout, etc are loaded over https://
So you see in your config.php there is a HTTP and an HTTPS section which are relative to that design.
If you want all pages to load over https, then simply set https:// for both HTTP_SERVER and HTTPS_SERVER.
Do the same in admin/config.php
As far as the htaccess... you will want to redirect any non-secure calls to the secure version automatically
Try this one https://www.ndchost.com/wiki/apache/red ... p-to-https
At the moment it is not automatically securing checkout, account etc.
Should this code in your link replace current code in .htaccess?
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Does this sit under the <IfModule mod_ .... section?
Thanks again for the assistance.
Grtz,
Mark
Thanks for the response.
I have set all instances of http to https in both config files for server and catalogue.
All internal links are edited for https.
By settings, I presume you mean the system>settings>store>SSL to yes, which I have done.
Cleared browser cache and still not all pages are loading as HTTPS
When I change the root folder config to this I cannot add items to the shopping cart:-
// HTTP
define('HTTP_SERVER', 'https://www.winter-light.nl/store/');
I'm stumped as to what I have not done correctly to be honest.
Any further pointers would be very helpful.
Thanks in advance.
Mark
What I would like is all pages secure and to redirect http to secure https.
I have read that this may slow down loading etc but I think with a webshop people want to fill safe when logged in.
I have an .htaccess file in the root folder with all the code on and another in the store folder which appears to be for informational purposes.
Thanks again.
So if the main store is in root folder, concentrate on just .htaccess in root folder and dont worry about subfolders until you get root folder one working.
If you want all pages on website (regardless of subfolder or not) to be preceded by www. or all pages to be made to use https then you create those rules at the top before any RewriteBase is declared.
So to get root store correct, get rid of all instances of /store in root .htaccess as its just confusing things.
RewriteBase /store/
Means every rule from there relates to that subfolder so change that to
RewriteBase /
and get rid of /store in RewriteRule and all references in config and admin aswell.
This should fix store in root folder?
http://forum.opencart.com/viewtopic.php ... 6c9825e1e0
Bold assumtion you can read that
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
Wist wel dat je ook nl kon lezen.
iets verder lezen, oc 2.x werkt feitelijk hetzelfde, anders als je er niet uitkomt neem je maar contact op.
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
Open Cart cart is installed in the following folder - public_html>store, so all of the OC 2.2 files sit in the store map. The .htaccess file sits in the public_html folder.
"So to get root store correct, get rid of all instances of /store in root .htaccess as its just confusing things."
Currently .htaccess looks as this:-
####SUBDOMAINS_HEADER####
RewriteEngine on
#RULE:,winter-light.nl,/store/
#RULE:www,winter-light.nl,/store/
RewriteCond %{HTTP_HOST} ^winter-light.nl$
RewriteCond %{REQUEST_URI} !^/store//
RewriteRule (.*) /store//$1 [last]
RewriteCond %{HTTP_HOST} ^www.winter-light.nl$
RewriteCond %{REQUEST_URI} !^/store//
RewriteRule (.*) /store//$1 [last]
####SUBDOMAINS_TAILER####
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /store/
RewriteCond %{HTTP_HOST} !^www
RewriteRule ^(.*)$ http://www.winter-light.nl/store/$1 [R=301,L]
What lines do I have to edit or delete?
Thanks
Mark
Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com
Insecure <form> call.
Found on line # 300 in file: www.winter-light.nl/index.html
Insecure <form> call.
Found on line # 343 in file: www.winter-light.nl/index.html
Code: Select all
RewriteEngine On
# Add www. preserve http(s)
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www\.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Force https
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
RewriteBase /store/
# The the usual Opencart stuff
RewriteRule ^sitemap.xml$ index.php?route=feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=feed/google_base [L]
RewriteRule ^system/download/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
Code: Select all
RewriteEngine On
# Add www. preserve http(s)
RewriteCond %{HTTP_HOST} !^$
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ http%1://www\.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Force https
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
It would seem that there is a bug also in 2.2 which does not make the version fully SSL compatible.
I have seen a link for a workaround but will try to sort out the .htaccess file first.
My update to 2.3 did not work so a little frustrating to say the least.
Theme is not compatible with 2.3
Below solved it for me:
system/library/url.php
Code: Select all
if ($this->ssl && $secure) {
$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
} else {
$url = 'http://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
}
Code: Select all
if ($this->ssl && $secure) {
$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
} else {
$url = 'https://' . $_SERVER['HTTP_HOST'] . rtrim(dirname($_SERVER['SCRIPT_NAME']), '/.\\') . '/index.php?route=' . $route;
}
Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+
Thanks!
Thanks
website
"Opencart is the best of all"
- change both config.php files: HTTPS_SERVER entry, http->https. Should be default config for opencart.
Code: Select all
// HTTPS
define('HTTPS_SERVER', 'https://yourdomain.tld');
Important but often forgotten, change your htaccess to redirect to non-www AND https if not entered/clicked from google by the visitor. This will also make sure the fonts are loaded and ajax + api callls work as intended
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*) https://yourdomain.tld%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
For OC2.2.0.0 use above fix for url.php as well.
Make sure images in stylesheets for instance are not hard coded to use http without 's'. Same for images in product description and information pages.
Attn: I no longer provide OpenCart extensions, nor future support - this includes forum posts.
Reason: OpenCart version 3+
Thanks!
Users browsing this forum: No registered users and 16 guests