Page 1 of 1
Setting up .htaccess for HTTPS
Posted: Wed Apr 19, 2017 7:08 am
by codywood
Right now I'm using the following to force a redirect to https.
Code: Select all
# Force https everywhere
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However, it won't redirect the following use if there is no www:
https://domain.com displays an error that the page is not secure.
Anyone help?
Re: Setting up .htaccess for HTTPS
Posted: Wed Apr 19, 2017 10:38 pm
by viethemes
Could you provide your site URL so we can take a look at the problem closer?
Re: Setting up .htaccess for HTTPS
Posted: Thu Apr 20, 2017 1:47 am
by artcore
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteRule ^(.*) https://domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
or direct to www + https
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
In human words: if not https or if not starts with www direct to https + www retaining the params after the domain. Take notice of the placing; after RewriteEngine On, before RewriteBase
Re: Setting up .htaccess for HTTPS
Posted: Thu Apr 20, 2017 4:26 pm
by TobikSoft
Code: Select all
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If "www" ->301 redirect to-> https://...
If not https ->301 redirect to-> https://...
Re: Setting up .htaccess for HTTPS
Posted: Fri Apr 21, 2017 2:54 am
by codywood
I believe I would use this version:
E
Code: Select all
RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*) https://www.domain.com%{REQUEST_URI} [R=301,L,NE]
RewriteBase /
But there is more to consider. For instance, my OpenCart admin uses the following URL template:
https://admin.domain.com
If I were to use the version above then wouldn't it result in pretending 'www' to this admin URL, like this?:
https://www.admin.domain.com
And, how would it affect other store URLs when the store is installed as a subdomain?:
https://store2.domain.com
--Thank you
Re: Setting up .htaccess for HTTPS
Posted: Mon Apr 24, 2017 5:14 pm
by codywood
DOES ANYONE HAVE A SOLUTION? Please read the above post.
Using the .htaccess file, I need to redirect all of the following URLs to this URL,
https://www.domain.com/:
https://domain.com
http://domain.com
http://www.domain.com
www.domain.com
domain.com
Thank you
Re: Setting up .htaccess for HTTPS
Posted: Mon Apr 24, 2017 8:42 pm
by uksitebuilder
Well, the first thing to do is test for SSL
Code: Select all
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,NE]
Then check for the www. or admin
Code: Select all
RewriteCond %{HTTP_HOST} !^www\. [NC] [OR]
RewriteCond %{HTTP_HOST} !^admin\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L,NE]
Re: Setting up .htaccess for HTTPS
Posted: Wed Apr 26, 2017 5:21 am
by codywood
You lost me at 'admin'. What do you mean that you check for admin? Are you assuming that the backend of opencart uses admin.domain.com ?
I have not tried this code but will it also forward any URL that does not have the 'S' at the end of HTTPS, or whether it has WWW or not?
Thanks
Re: Setting up .htaccess for HTTPS
Posted: Wed Apr 26, 2017 2:19 pm
by uksitebuilder
That was what you stated a couple of posts up
The way htaccess works with rewrites is from the top down until it hits a rule that matches - Then it redirects and goes through htaccess again from top down, rinse and repeat until all rules are satisfied.
So first thing my code does is check for SSL - If SSL is off it simply redirects the URL entered to SSL
Next pass, it check if the url begins with either www or admin, if it doesn't it will redirect to the
www.domain url
If you add subdomains in the future, you will need to amend the second lot of code I posted to add those subdomains, similar to how the www and admin have been added with an [OR] flag
Re: Setting up .htaccess for HTTPS
Posted: Thu Apr 27, 2017 2:18 pm
by codywood
That kind of make sense. I'll try it tomorrow. Thanks for your help....
Re: Setting up .htaccess for HTTPS
Posted: Tue May 02, 2017 7:04 am
by codywood
If you are still following, as a reminder, I was using the following:
Code: Select all
# Force https everywhere
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
I was give, as one possible solution, this code:
Code: Select all
ewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,NE]
RewriteCond %{HTTP_HOST} !^www\. [NC] [OR]
RewriteCond %{HTTP_HOST} !^admin\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L,NE]
It did not work, as it was. I ended up combining what I had with what I was given. The end result is this:
Code: Select all
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{HTTP_HOST} !^www\. [NC] [OR]
RewriteCond %{HTTP_HOST} !^admin\. [NC] [OR]
RewriteCond %{HTTP_HOST} !^store2\. [NC] [OR]
RewriteCond %{HTTP_HOST} !^inno\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L,NE]
I had to remove this:
Code: Select all
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,NE]
Can any one explain why the original code given did not work but what I did was successful?
UPDATE.....
I discovered that the change I made did not work. When I use the code as it was given to me in this form I cannot access the admin side which is at admin.domain.com/admin.
i suspect what I said I removed needs to be changed in some way, but I don't know how. CAN ANYONE HELP?
Code: Select all
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L,NE]
Re: Setting up .htaccess for HTTPS
Posted: Sun Jul 29, 2018 3:32 am
by CrucialPiXel
I could not get any https redirect to work as all of them would cause a too many redirects issue. I finally got it to work when using this line "RewriteCond %{HTTP:X-Forwarded-Proto} !https " (without quotes) along with a redirect rule I listed below. Just wanted to pass it along for anyone else who spent weeks looking for a solution like me. I found no issues after putting in it place, it even works for the /admin login as well. It even redirects www.
This is part of my .htaccess file, notice the last two lines. Just add those 2 lines to your .htaccess file in the same location.
Code: Select all
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Re: Setting up .htaccess for HTTPS
Posted: Sun Jul 29, 2018 7:12 pm
by straightlight
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
Ensure this line doesn't stick in if you did moved your storage folder outside your public_html folder.
Re: Setting up .htaccess for HTTPS
Posted: Sat Apr 06, 2019 8:58 pm
by kslakhani
CrucialPiXel wrote: ↑Sun Jul 29, 2018 3:32 am
I could not get any https redirect to work as all of them would cause a too many redirects issue. I finally got it to work when using this line "RewriteCond %{HTTP:X-Forwarded-Proto} !https " (without quotes) along with a redirect rule I listed below. Just wanted to pass it along for anyone else who spent weeks looking for a solution like me. I found no issues after putting in it place, it even works for the /admin login as well. It even redirects www.
This is part of my .htaccess file, notice the last two lines. Just add those 2 lines to your .htaccess file in the same location.
Code: Select all
RewriteBase /
RewriteRule ^sitemap.xml$ index.php?route=extension/feed/google_sitemap [L]
RewriteRule ^googlebase.xml$ index.php?route=extension/feed/google_base [L]
RewriteRule ^system/storage/(.*) index.php?route=error/not_found [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*\.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Hi CrucialPiXel ,
You saved my day man,
Thank you
I think
RewriteCond %{HTTP:X-Forwarded-Proto} !https
is for latest apache server, not sure though
Re: Setting up .htaccess for HTTPS
Posted: Sun Apr 26, 2020 8:36 pm
by tapopencartsmotan
Hello. I am with OC 3.0.3.2. Tried everything above but whenever I put in the httaccess file to make https and redirect www. etc to the main domain with https it always gives me 500 Internal Server Error..... I tried everything you sayd... just not working and not working.
Re: Setting up .htaccess for HTTPS
Posted: Sun Apr 26, 2020 10:11 pm
by straightlight
it always gives me 500 Internal Server Error
What does the error / server access logs indicates about the 500 Internal Server error?