Post by Matty » Sat Jun 01, 2013 10:07 pm

Hi, I have just installed my SSL certificate and would like to force all pages (not just checkout) to use "https://".

What is the best way to do this with opencart v1.5.1?

Thanks
Matt

New member

Posts

Joined
Fri Feb 05, 2010 5:56 pm

Post by victorj » Sat Jun 01, 2013 10:41 pm

open config.php in root af site and change all http to https
do same with config.php in admin.

edit .htaccess

find:
Options +FollowSymlinks

change to:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursite.com/$1 [R=301,L]

if you use www. in front of domainname make sure you put www.yoursite.com
no need to say that you will have to change yoursite.com to actual url.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by Johnathan » Sun Jun 02, 2013 3:24 am

You should note that using SSL on all pages will significantly slow down page loading, so it's really not recommended unless all pages NEED to be over SSL.

Image
Image Image Image Image


User avatar
Global Moderator

Posts

Joined
Fri Dec 18, 2009 3:08 am


Post by victorj » Sun Jun 02, 2013 3:54 am

Johnathan wrote:Please note that using SSL on all pages will significantly slow down page loading, so it's really not recommended unless all pages NEED to be over SSL.
Yes it skows down a small bit especially when you have large pictures of products.
And yes we need a serverupgrade to compensate for it as traffic is growing now.
But definitly worth it just that little more insurance and trust to customers especially here in the netherlands.
Sales went up with more than 10%

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by Matty » Sun Jun 02, 2013 8:24 pm

victorj wrote:open config.php in root af site and change all http to https
do same with config.php in admin.

edit .htaccess

find:
Options +FollowSymlinks

change to:
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursite.com/$1 [R=301,L]

if you use www. in front of domainname make sure you put http://www.yoursite.com
no need to say that you will have to change yoursite.com to actual url.
Thanks very much. I have tried this but now I'm getting "Secure Connection Failed" error.
Secure Connection Failed
An error occurred during a connection to http://www.mysite.com. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem. Alternatively, use the command found in the help menu to report this broken site.
Thanks
Matt

New member

Posts

Joined
Fri Feb 05, 2010 5:56 pm

Post by victorj » Mon Jun 03, 2013 3:16 am

config.php in root should looklike this when you want entire site to run under SSl

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'https://yoursite.com/');

// HTTPS
define('HTTPS_SERVER', 'https://yoursite.com/');
config.php in admin

Code: Select all

<?php
// HTTP
define('HTTP_SERVER', 'http://yoursite.com/admin/');
define('HTTP_CATALOG', 'http://yoursite.com/');

// HTTPS
define('HTTPS_SERVER', 'http://yoursite.com/admin/');
define('HTTPS_CATALOG', 'http://yoursite.com/');
you only need rewrite in .htaccess to force first visit to site to go to https when entering site throung non https after clicking first link site should go to https

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by admiss » Tue Apr 07, 2015 7:45 pm

Okay, I wasted to much time for this without any result, so I need help with this.

I want to set up ssl for all pages in OC 1.5.6.4.
At this time green padlock appears correctly only on checkout page and in admin.

I've asked our domain and hosting provider (123-reg.co.uk) about our exact domain name
"The SSL has to be purchased for http://www...co.uk which will cover the naked domain too salamitrade.co.uk
You will have to use http://www...co.uk"

.htaccess
RewriteEngine On
RewriteCond %{HTTPS} !=off
RewriteRule ^/?(checkout|account|admin) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^site\.co\.uk [NC]
RewriteRule ^(.*)$ https://www.site.co.uk/$1 [R,L]


config.php
// HTTP
define('HTTP_SERVER', 'https://www.site.co.uk/');
// HTTPS
define('HTTPS_SERVER', 'https://www.site.co.uk/');
define('HTTPS_IMAGE', 'https://www.site.co.uk/image/');

/admin/config.php
// HTTP
define('HTTP_SERVER', 'https://www.site.co.uk/admin/');
define('HTTP_CATALOG', 'https://www.site.co.uk/');

// HTTPS
define('HTTPS_SERVER', 'https://www.site.co.uk/admin/');
define('HTTPS_CATALOG', 'https://www.site.co.uk/');
define('HTTPS_IMAGE', 'https://www.site.co.uk/image/');



In backend Use SSL is set to YES.
What should I change so that the green padlock appears before all pages link in url bar - no only on checkout page?

Thank you!

Attachments

ssl.png

admin&checkout pages green padlock, other pages grey padlock - ssl.png (30.85 KiB) Viewed 25868 times

Last edited by admiss on Fri Apr 10, 2015 3:16 am, edited 1 time in total.

Newbie

Posts

Joined
Thu Mar 26, 2015 4:57 pm

Post by victorj » Tue Apr 07, 2015 8:02 pm

change your rewrite rule in .htaccess to

Code: Select all

RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.salamitrade.co.uk/$1 [R=301,L]
there are also some elements in your theme not served through https, these should be corrected as wel.

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Alle niet stekplichtige onderdelen zoals scharnieren, sloten, randverwarming en verlichting voor alle typen koelingen en vriezers.
https://koelcel-onderdelen.com

Koeltechnische deurrubbers eenvoudig online op maat bestellen.
Eigen productie en snelle levering.
https://123-deurrubbers.com


User avatar
Expert Member
Online

Posts

Joined
Sat Jun 25, 2011 4:09 am
Location - Alkmaar Holland

Post by Dhaupin » Tue Apr 07, 2015 10:31 pm

SSL wont make your site slower unless you are on a totally crap host or you try to re-write things instead of fixing the root (forcing double rewrite connects and things). You need to do more than change htaccess, otherwise your store will be in "barely SSL" mode and you may end up seeing broken locks or missing assets often. Assets, menus, link gen, relative urls, old SRC migrations, etc need to be changed relative/HTTPS dynamically. Also think about your media manager, it may try to add wrong protocol links so that should be fixed too. Your multistore sessions hack will fail without fixing it. Your sitemaps will be in http mode without asset rewrite. If you end up using something like CloudFlare free ssl you need correct proxy headers as well. Finally, you should be using HSTS if you are SSL-everywhere, otherwise youre missing out on a huge advantage and 307 switch performance increase. Then what about multistores? Those triggers may get hard to mitigate from just htaccess or just from configs, and it may be tedious to get your store to realize what mode it should be in.

Shameless plug: The good news is that we made a mod that does all of that on a multistore basis without touching htaccess: http://www.opencart.com/index.php?route ... n_id=19396

2.x version coming soon, the cost is worth it for the hour or more of time saved messing around trying to DIY it all or learn about headers. Drop it in, good to go.

https://creadev.org | support@creadev.org - Opencart Extensions, Integrations, & Development. Made in the USA.


User avatar
Active Member

Posts

Joined
Tue May 13, 2014 3:45 am
Location - PA

Post by gtoc » Mon Apr 13, 2015 3:36 pm

Hi,

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursite.com/$1 [R=301,L]

I have seen this rule written with '[R=301],L' and also just '[R,L]'. Which version is best?

New member

Posts

Joined
Tue Apr 23, 2013 12:11 pm

Post by soundzgood-nz » Mon Apr 13, 2015 7:55 pm

gtoc wrote:Hi,

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yoursite.com/$1 [R=301,L]

I have seen this rule written with '[R=301],L' and also just '[R,L]'. Which version is best?
I'd use the following to redirect from http to https ...

Code: Select all

#Rewrite to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
The flag question:
[R=301,L] is best
[R=301],L looks wrong to me as L isn't inside flag area [ ] and would probably cause an error
[R,L] will set redirect as a 302 / temporary redirect which might work for a specific short-term purpose but not a good idea

Simon

User avatar
Active Member

Posts

Joined
Sat Oct 25, 2014 5:15 pm
Location - New Zealand

Post by gtoc » Tue Apr 14, 2015 3:58 pm

thanks!!

New member

Posts

Joined
Tue Apr 23, 2013 12:11 pm

Post by ginboomerang » Thu Jun 11, 2015 11:50 pm

soundzgood - Great info, just stole your little code and works for me, thanks.

Mark

New member

Posts

Joined
Sun Aug 28, 2011 2:51 pm
Who is online

Users browsing this forum: Bing [Bot] and 82 guests