+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: Best Practices (https://forum.codeigniter.com/forumdisplay.php?fid=12)
+--- Thread: Codeigniter HTTPS (SSL) What is the "Best Practice"? (/showthread.php?tid=64181)
Codeigniter HTTPS (SSL) What is the "Best Practice"? - Hexagonal.org - 01-25-2016
I have a Codeigniter application which was developed and tested on the normal http. Now the Apache server has been configured in such a way that all of the pages are stored in a single folder which is SSL enabled. The SSL certificate is in place. When I browse to the website using "https://www" then it redirects to "http://www". NOTE : I do not need to load specific pages using SSL. I just need all pages to show as HTTPS.
I have tried the proposed solutions suggested on Stack Overflow including :
1. Modifying the .htaccess file to force HTTPS
2. Setting the $config['base_url'] = "https://www.yoursite.com/";
When I tried the above method in tandem then Firefox gave the following error : "The page isn't redirecting properly. Firefox has detected that the server is redirecting the request for this address in a way that will never complete."
Many Stack Overflow contributors suggest that this should be handled by Apache only. That makes sense to me but forcing HTTPS via .htaccess gives the same error.
Is there a simple "best practice" way to do this without hooks and SSL Helpers, etc?
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - skunkbad - 01-25-2016
In my own websites, I have used the following for .htaccess:
Code:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]You didn't share what you did, so it's impossible to know.
It does look like you've set the base_url correctly.
You might check the security cert and make sure www is covered, but I don't think that's your problem.
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - Hexagonal.org - 01-25-2016
Hi ~ here is the .htaccess code I used :
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
And the */application/config/config.php file includes :
$config['base_url'] = "";
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - suhindra - 01-25-2016
redirect to https url in codeigniter using hooks is a good method rather than htaccess
i use this tuts *Redacted: no longer working*
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - Hexagonal.org - 01-25-2016
Thanks Suhindra. I did come across this tutorial. I was wondering if you think that there are advantages to using "Hooks" for this purpose?
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - mwhitney - 01-29-2016
I have separate conf files in Apache for http and https, with the https conf specifying:
Code:
<VirtualHost *:443>and including the SSL configuration, but otherwise it's a fairly normal configuration for a CI site.
For some of my sites, the http conf file looks something like this:
Code:
<VirtualHost *:80>
ServerName my.url.here
Redirect 301 / https://my.url.here
</VirtualHost>For other sites, I might have a normal http conf for the port 80 virtual host, or some portions of the site may be redirected to https. In all cases, I set the site's base_url to include the https://, so they end up using https once they click a link on the site, regardless of whether they were redirected in the first place.
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - portalusa - 06-13-2018
Hi
I have renewed my SSL certificate with Godaddy, I´ve been instructed to redirect my website to HTTPS by changing the htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ example.com/$1 [L,R=301,NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
The website when is redirected to https the website is completely different and not functional.
Could someone help me with this issue please?
Many thanks in advanced
RE: Codeigniter HTTPS (SSL) What is the "Best Practice"? - CINewb - 06-18-2018
(01-29-2016, 02:18 PM)mwhitney Wrote: I have separate conf files in Apache for http and https...
Same here, in my opinion this is Apache's job, not CodeIgniter's. Any method other than a separate virtual host is less efficient (albeit you probably won't notice any difference in terms of performance).