Porting to https troubles

[OllieMackJames]

I am porting a site from http to https, I use pw 2.7.3 with procache

On the command line I copied all from public_html to private_html

Trouble is that the https homepage keeps redirecting to http homepage, i.e. https://www.domain.com redirects to http://www.domain.com

That problem does not exist when I load a page off root, like https://www.domain.dom/one-down does not redirect.

Here is my htaccess file for the private_html dir:

#################################################################################################
# ProcessWire ProCache recommended .htaccess tweaks for expires and gzip performance settings.
# PWPC-3.0 Keep this line here for ProCache identification purposes.
#################################################################################################
<IfModule mod_headers.c>
  Header set Connection keep-alive
  Header unset ETag
  <FilesMatch "\.(eot|otf|ttc|ttf|woff)$">
	  Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
</IfModule>
FileETag None
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresDefault "access plus 1 month"
  # html
  ExpiresByType text/html "access plus 1 hour"
  # images
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/bmp "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  # css and js
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType text/javascript "access plus 1 year"
  ExpiresByType application/javascript "access plus 1 year"
  ExpiresByType application/x-javascript "access plus 1 year"
  # downloads
  ExpiresByType application/octet-stream "access plus 1 year"
  # feeds
  ExpiresByType application/json "access plus 0 seconds"
  ExpiresByType application/xml "access plus 0 seconds"
  ExpiresByType text/xml "access plus 0 seconds"
  # icon / favicon
  ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"
  # font
  ExpiresByType application/x-font-ttf "access plus 1 year"
  ExpiresByType application/x-font-woff "access plus 1 year"
  ExpiresByType application/font-woff "access plus 1 year"
  ExpiresByType application/font-woff2 "access plus 1 year"
  ExpiresByType font/woff "access plus 1 year"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
  ExpiresByType font/eot "access plus 1 year"
  ExpiresByType font/opentype "access plus 1 year"
  # audio/video
  ExpiresByType audio/ogg "access plus 1 month"
  ExpiresByType video/mp4 "access plus 1 month"
  ExpiresByType video/ogg "access plus 1 month"
  ExpiresByType video/webm "access plus 1 month"
</IfModule>
<IfModule mod_deflate.c>
  <IfModule mod_setenvif.c>
     <IfModule mod_headers.c>
        # Force compression for mangled `Accept-Encoding` request headers
        # https://developer.yahoo.com/blogs/ydn/pushing-beyond-gzipping-25601.html
        SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
        RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
     </IfModule>
  </IfModule>
  # <IfModule mod_filter.c> # Apache 2.3.7 and above may need to uncomment this line
    AddOutputFilterByType DEFLATE "text/html"
    AddOutputFilterByType DEFLATE "text/plain"
    AddOutputFilterByType DEFLATE "text/css"
    AddOutputFilterByType DEFLATE "text/javascript"
    AddOutputFilterByType DEFLATE "application/javascript"
    AddOutputFilterByType DEFLATE "application/x-javascript"
    AddOutputFilterByType DEFLATE "application/json"
    AddOutputFilterByType DEFLATE "application/xml"
    AddOutputFilterByType DEFLATE "text/xml"
  # </IfModule> # Apache 2.3.7 and above may need to uncomment this line
</IfModule>
# End ProcessWire ProCache recommended tweaks
#################################################################################################
#################################################################################################
# START PROCESSWIRE HTACCESS DIRECTIVES
# @version 2.5
# @indexVersion 250
#################################################################################################

# -----------------------------------------------------------------------------------------------
# Don't show directory indexes, but do follow symbolic links
# 500 NOTE: Some cloud hosting companies don't allow +FollowSymLinks.
# Uncomment +SymLinksifOwnerMatch and comment +FollowSymLinks if you have 500 errors.
# If that doesn't resolve the error, then set it back to +FollowSymLinks.
# -----------------------------------------------------------------------------------------------

Options -Indexes
Options +FollowSymLinks
# Options +SymLinksifOwnerMatch

# -----------------------------------------------------------------------------------------------
# Let ProcessWire handle 404s
# -----------------------------------------------------------------------------------------------

ErrorDocument 404 /index.php

# -----------------------------------------------------------------------------------------------
# Handle request for missing favicon.ico/robots.txt files (no ending quote for Apache 1.3)
# -----------------------------------------------------------------------------------------------

<Files favicon.ico>
  ErrorDocument 404 "The requested file favicon.ico was not found.
</Files>

<Files robots.txt>
  ErrorDocument 404 "The requested file robots.txt was not found.
</Files>

# -----------------------------------------------------------------------------------------------
# Protect from XSS with Apache headers
# -----------------------------------------------------------------------------------------------

<IfModule mod_headers.c>
  # prevent site from being loaded in an iframe on another site
  # you will need to remove this one if you want to allow external iframes
  Header always append X-Frame-Options SAMEORIGIN

  # to prevent cross site scripting (IE8+ proprietary)
  Header set X-XSS-Protection "1; mode=block"

  # prevent mime-based attacks via content sniffing (IE+Chrome)
  # Header set X-Content-Type-Options "nosniff"
</IfModule>

# -----------------------------------------------------------------------------------------------
# Protect ProcessWire system files (part 1B) for Apache versions 2.4 and newer:
# APACHE 2.4+ NOTE: Uncomment this section and remove or comment out section 1A above.
# -----------------------------------------------------------------------------------------------

 <FilesMatch "\.(inc|info|info\.json|module|sh|sql)$|^(\..*)$">
   Require all denied
 </FilesMatch>
 <Files .htaccess>
   Require all denied
 </Files>

# -----------------------------------------------------------------------------------------------
# Override a few PHP settings that can't be changed at runtime (not required)
# 500 NOTE: Try commenting out this entire section below if getting Apache 500 errors.
# -----------------------------------------------------------------------------------------------

<IfModule mod_php5.c>
  php_flag magic_quotes_gpc		off
  php_flag magic_quotes_sybase		off
  php_flag register_globals		off
</IfModule>

# -----------------------------------------------------------------------------------------------
# Set default directory index files
# -----------------------------------------------------------------------------------------------

DirectoryIndex index.php index.html index.htm

# -----------------------------------------------------------------------------------------------
# ProcessWire requires mod_rewrite
# -----------------------------------------------------------------------------------------------

<IfModule mod_rewrite.c>

  RewriteEngine On
  AddDefaultCharset UTF-8

  # -----------------------------------------------------------------------------------------------
  # If you only want to allow HTTPS, uncomment the RewriteCond and RewriteRule lines below.
  # -----------------------------------------------------------------------------------------------
  #RewriteCond %{HTTPS} off
  #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

	#RewriteCond %{HTTPS} !=on
	# This checks to make sure the connection is not already HTTPS
	#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # -----------------------------------------------------------------------------------------------
  # Set an environment variable so the installer can detect that mod_rewrite is active.
  # Note that some web hosts don't support this. If you get a 500 error, you might try
  # commenting out this SetEnv line below.
  # -----------------------------------------------------------------------------------------------

  <IfModule mod_env.c>
    SetEnv HTTP_MOD_REWRITE On
  </IfModule>

  # -----------------------------------------------------------------------------------------------
  # OPTIONAL: Set a rewrite base if rewrites aren't working properly on your server.
  # And if your site directory starts with a "~" you will most likely have to use this.
  # -----------------------------------------------------------------------------------------------

  # RewriteBase /
  # RewriteBase /pw/
  # RewriteBase /~user/

  # -----------------------------------------------------------------------------------------------
  # Access Restrictions: Keep web users out of dirs that begin with a period
  # -----------------------------------------------------------------------------------------------

  RewriteRule "(^|/)\." - [F]

  # -----------------------------------------------------------------------------------------------
  # OPTIONAL: Redirect users to the 'www.' version of the site (uncomment to enable).
  # For example: http://processwire.com/ would be redirected to http://www.processwire.com/
  # -----------------------------------------------------------------------------------------------

  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # -----------------------------------------------------------------------------------------------
  # OPTIONAL: Send URLs with non name-format characters to 404 page
  # Remove this section if it interferes with URLs of any other software you may be running.
  # -----------------------------------------------------------------------------------------------

  RewriteCond %{REQUEST_URI} "[^-_.a-zA-Z0-9/~]"
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?it=/http404/ [L,QSA]

  # -----------------------------------------------------------------------------------------------
  # Access Restrictions: Protect ProcessWire system files
  # -----------------------------------------------------------------------------------------------

  # Allow screenshot files (for install.php only: this 1 line below may be removed after install)
  RewriteCond %{REQUEST_URI} !(^|/)site-[^/]+/install/[^/]+\.(jpg|jpeg|png|gif)$
  # Block access to any htaccess files
  RewriteCond %{REQUEST_URI} (^|/)\.htaccess$ [NC,OR]
  # Block access to protected assets directories
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets/(cache|logs|backups|sessions|config|install|tmp)($|/.*$) [OR]
  # Block acceess to the /site/install/ directory
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/install($|/.*$) [OR]
  # Block dirs in /site/assets/ dirs that start with a hyphen
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets.*/-.+/.* [OR]
  # Block access to /wire/config.php, /site/config.php, /site/config-dev.php, and /wire/index.config.php
  RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/(config|index\.config|config-dev)\.php$ [OR]
  # Block access to any PHP-based files in /templates-admin/
  RewriteCond %{REQUEST_URI} (^|/)(wire|site|site-[^/]+)/templates-admin($|/|/.*\.(php|html?|tpl|inc))$ [OR]
  # Block access to any PHP or markup files in /site/templates/
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/templates($|/|/.*\.(php|html?|tpl|inc))$ [OR]
  # Block access to any PHP files in /site/assets/
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/assets($|/|/.*\.php)$ [OR]
  # Block access to any PHP files in core or core module directories
  RewriteCond %{REQUEST_URI} (^|/)wire/(core|modules)/.*\.(php|inc|tpl|module|info\.json)$ [OR]
  # Block access to any PHP files in /site/modules/
  RewriteCond %{REQUEST_URI} (^|/)(site|site-[^/]+)/modules/.*\.(php|inc|tpl|module|info\.json)$ [OR]
  # Block access to any software identifying txt files
  RewriteCond %{REQUEST_URI} (^|/)(COPYRIGHT|INSTALL|README|htaccess)\.(txt|md|textile)$ [OR]
  # Block all http access to the default/uninstalled site-default directory
  RewriteCond %{REQUEST_URI} (^|/)site-default/
  # If any conditions above match, isssue a 403 forbidden
  RewriteRule ^.*$ - [F,L]

  # -----------------------------------------------------------------------------------------------
  # Ensure that the URL follows the name-format specification required by ProcessWire
  # -----------------------------------------------------------------------------------------------

  RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$"

  # PROCACHE xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  RewriteCond %{REQUEST_METHOD} !=POST
  RewriteCond %{QUERY_STRING} !.*=.*
  RewriteCond %{HTTP_COOKIE} !^.*(wire_challenge).*$
  RewriteCond %{DOCUMENT_ROOT}/site/assets/ProCache-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/$1/index.html -f
  RewriteRule ^(.*) %{DOCUMENT_ROOT}/site/assets/ProCache-xxxxxxxxxxxxxxxxxxxxxxxxxx/$1/index.html [L]
  # /PROCACHE
RewriteCond %{REQUEST_URI} "^/~?[-_.a-zA-Z0-9/]*$"

  # -----------------------------------------------------------------------------------------------
  # If the request is for a file or directory that physically exists on the server,
  # then don't give control to ProcessWire, and instead load the file
  # -----------------------------------------------------------------------------------------------

  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !(favicon\.ico|robots\.txt)

  # -----------------------------------------------------------------------------------------------
  # OPTIONAL: Prevent ProcessWire from attempting to serve images or anything in /site/assets/.
  # Both of these lines are optional, but can help to reduce server load. However, they
  # are not compatible with the $config->pagefileSecure option (if enabled) and they
  # may produce an Apache 404 rather than your regular 404. You may uncomment the two lines
  # below if you don't need to use the $config->pagefileSecure option.
  # -----------------------------------------------------------------------------------------------

  # RewriteCond %{REQUEST_FILENAME} !\.(jpg|jpeg|gif|png|ico)$ [NC]
  # RewriteCond %{REQUEST_FILENAME} !(^|/)site/assets/

  # -----------------------------------------------------------------------------------------------
  # Pass control to ProcessWire if all the above directives allow us to this point.
  # For regular VirtualHosts (most installs)
  # -----------------------------------------------------------------------------------------------
  RewriteRule ^(.*)$ index.php?it=$1 [L,QSA]

  # -----------------------------------------------------------------------------------------------
  # 500 NOTE: If using VirtualDocumentRoot: comment out the one above and use this one instead.
  # -----------------------------------------------------------------------------------------------
  # RewriteRule ^(.*)$ /index.php?it=$1 [L,QSA]

</IfModule>

#################################################################################################
# END PROCESSWIRE HTACCESS DIRECTIVES
#################################################################################################

Help much appreciated, if someone has a checklist for porting http to https that would be great!

[arjen]

Hey Ollie,

The only thing I do when porting to https only is uncomment these lines. Have you tried it? It doesn't seem enabled in your .htaccess. I usually don't even set the templates to https only.

Edited August 3, 2016 by arjen
corrected url

[OllieMackJames]

Hey arjen,

Thanks for that, I did exactly that on another site and it worked fine.

On this particular site it seems some code is blocking this, I have now asked the developer to look at that.

Thanks again!

[Martijn Geerts]

I've made a module that should swicth protocols (http/https) based on domain name. Don't now if it still works but you could try it:

https://github.com/Da-Fecto/SwitchProtocol

[OllieMackJames]

Thanks Martijn, will give a try on next domain that needs porting!

[lpa]

How about redirecting all to https except one subdirectory?

I want to change all of our domain from http to https. But I need to serve one directory without https. I have tried to do this in apache server config like this:

RewriteCond %{REQUEST_URI} ^/?subdir
RewriteRule ^/(.*) http://www.example.com/$1 [R,L]

RewriteCond %{REQUEST_URI} ^/index.php\?it=subdir(.*)
RewriteRule ^/(.*) http://www.example.com/index.php?it=subdir$1 [R,L]

RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://www.example.com/$1 [R=301,L]

But this does not work. How should the redirect from /subdir to /index.php?it=subdir be handled, because now that will be forced to be https by the last rule?

 

 

[lpa]

How do you handle the exceptions like above??? I want all the content except one subdirectory redirected to https, but the above solution does not work. Is there any easy solution?

[lpa]

Hi all!

I still haven't found a solution to my problem. How to force all the content to be https except one subdirectory? The problem is this final PW handler, which is always https. 

RewriteRule ^(.*)$ index.php?it=$1 [L,QSA]

When I force all the content in .htaccess to https, the template level setting can't off course override that setting. 

Has anyone solved such a problem?

[BitPoet]

On 11/11/2016 at 9:48 AM, lpa said:

RewriteCond %{REQUEST_URI} ^/?subdir
RewriteRule ^/(.*) http://www.example.com/$1 [R,L]

RewriteCond %{REQUEST_URI} ^/index.php\?it=subdir(.*)
RewriteRule ^/(.*) http://www.example.com/index.php?it=subdir$1 [R,L]

RewriteCond %{HTTPS} !=on
RewriteRule ^/(.*) https://www.example.com/$1 [R=301,L]

But this does not work. How should the redirect from /subdir to /index.php?it=subdir be handled, because now that will be forced to be https by the last rule?

Shouldn't it be enough to exclude subdir requests from that last https rule?

# Redirect all requests to subdir
RewriteCond %{REQUEST_URI} ^/?subdir(/|$)
RewriteRule ^/(.*) http://www.example.com/$1 [R,L]

# Make sure to use plain http for subdir just in case...
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_URI} ^/index.php\?it=subdir(/|$)
RewriteRule ^/(.*) http://www.example.com/index.php?it=subdir$1 [R,L]

# Rewrite all other requests to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/index.php\?it=subdir(/|$)
RewriteCond %{REQUEST_URI} !^/?subdir(/|$)
RewriteRule ^/(.*) https://www.example.com/$1 [R=301,L]

Note the "(/|$)" (either forward slash or end of string) I've added after subdir in the patterns to make sure that it matches exactly.

[grantdb]

I am looking at another unrelated issue and was searching the forum and came across this thread and thought I could add my 2 cents.  I was looking at having a sub dir not be subject to the root dir .htaccess directives and found this:

RewriteRule ^subdirname/.*$ - [PT]

On my server it just makes it so all requests to the specific url/dir have a passthrough without applying any of the .htaccess rules (below that line?).

Maybe this is helpful in your problem or maybe not. Cheers!