Page 1 of 1
how to force https/ssl for an existing domain?
Posted: Mon Jan 18, 2016 8:24 am
by baijianpeng
I had set up hosting plans with "default" template and created website with an domain.
Then, after some time, I know that HTTPS is good. Then I applied SSL certificate and installed them.
Now my website can be open by https protocol, but if someone use "http" to visit, it also opened without SSL.
I tried the "force https/ssl" trick in VestaCP Documentation, but it seems only work for "new domains", not for "existing domains".
So, what should I do now to configure my existing domain to force HTTPS/SSL access?
Thank you.
Re: how to force https/ssl for an existing domain?
Posted: Mon Jan 18, 2016 10:40 am
by newtron
You can use .htaccess, PHP "header" function or use this ->
https://vestacp.com/docs/#how-to-force-https
I recomend the .hta and php options...
Re: how to force https/ssl for an existing domain?
Posted: Mon Jan 18, 2016 11:17 am
by baijianpeng
Ok, I will try the .htaccess method.
Thank you.
Re: how to force https/ssl for an existing domain?
Posted: Tue Jan 19, 2016 6:23 am
by baijianpeng
After some googling, I found following rewrite rule to force SSL with .htaccess:
Code: Select all
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.joomlagate.com/$1 [R,L]
This will force https for ALL urls of my domain. However, I only want to force https for "
www.joomlagate.com/***", NOT for some subdomains like "file.joomlagate.com" or "ftp.joomlagate.com", how to modify this rule to ONLY work for main domains but not for subdomains?
Thank you.
Re: how to force https/ssl for an existing domain?
Posted: Tue Jan 19, 2016 7:39 am
by tjebbeke
You can try this:
Code: Select all
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} !localhost
RewriteCond %{HTTP_HOST} !sub.domain.com
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [L,R=301]
</IfModule>
Re: how to force https/ssl for an existing domain?
Posted: Wed Jan 20, 2016 2:32 am
by baijianpeng
Thank you.
Finally I realised that my issue should not be solved in this way. I should use CA certificate instead of self-made (openssl by VestaCP) certificate.
Re: how to force https/ssl for an existing domain?
Posted: Mon Aug 28, 2017 1:15 pm
by rizakyo
I believe that .htaccess is belong to apache. Unfortunately I am only using nginx on my VestaCP. Is there anyway to force the use of https on my website?
Re: how to force https/ssl for an existing domain?
Posted: Mon Aug 28, 2017 2:52 pm
by skurudo
rizakyo wrote:I believe that .htaccess is belong to apache. Unfortunately I am only using nginx on my VestaCP. Is there anyway to force the use of https on my website?
Already answered,
https://vestacp.com/docs/#how-to-force-https
you can use code from here for nginx.