Codeigniter plus SSL

[eluser]mallix[/eluser]
Hello,

I have just installed a new SSL certificate and i have problems with my htaccess file and config to make it work.

This is my current htaccess file:

Code:

DirectoryIndex index.php
RewriteEngine on
RewriteCond $1 !^(index\.php|robots\.txt|website|shop_files|client|favicon\.ico|style\.css|sitemap.xml)
RewriteRule ^(.*)$ ./index.php/$1 [L]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/ [R=301,L]

What I want is to have SSL for ALL the website, remove index.php and force www.
I have also multiple Ajax Calls with my domain but also GET and POST calls with external websites.

What should I add to the htaccess file to make it work? Is there another way to work with the framework ?

Thank you

[eluser]mallix[/eluser]
Anyone that solved the problem ?

[eluser]weboap[/eluser]
i used this before and it works

http://sajjadhossain.com/2008/10/27/ssl-...deigniter/

hope it help.

[eluser]CroNiX[/eluser]
Your CI specific rules should be last in your htaccess, like the www redirect should be first. Otherwise it will process the request once with CI and then on the next request discover it needs to redirect to www, processing everything all over again.

Do you have "https" in your base_url?

This will redirect all non-ssl requests to ssl, however if you have to pass PCI compliance tests for credit card processing/etc, this will fail as doing this in htaccess isn't allowed. Again, this should go before any CI specific rules.

Code:

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

[eluser]mallix[/eluser]
My base url is set to https

I have controllers and functions like http://domain/controller/function

The paths seems to work with my base domain but when i move to controllers or functions in the URL
It gets out of the Secure URI while it https://domain/controller

Like: https://www.domain.com works but https://www.domain.com/panel/login does not.

If i move CI specific rules for styles or js to to the bottom of the htaccess file then those styles and js files are missing..

[eluser]mallix[/eluser]
I am trying to use this post: http://ellislab.com/forums/viewthread/86113/

But no luck with ssl there either.

When i navigate to http://www.mydomain.com/panel/login ssl is not valid
When i am actually loggin in and getting redirected to http://www.mydomain.com/panel/profile the SSL is valid again.

Very confusing stuff..

Do I have to set base_url to https or NOT ?
Do I have to do that with CodeIgniter using htaccess or not ?
What about styles and javascript files? I now that these files must be served to client side under https
or IE and other browser will cry about files served under the hood.

What is the solution, best or not using CodeIgniter?

Forcing www and https, removing index.php and all this for ALL the domain: https://wwww.domain.com/*.*/*.*/*.*

[eluser]mallix[/eluser]
Finally everything works as expected
This is my htaccess file:

Code:

DirectoryIndex index.php
RewriteEngine on

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.domain.com/$1 [R,L]

RewriteCond %{SERVER_PORT} 443
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/ [R=301,L]

RewriteCond $1 !^(index\.php|robots\.txt|website|files|client|favicon\.ico|style\.css|sitemap.xml)
RewriteRule ^(.*)$ ./index.php/$1 [L]

Every external load of js must be handled under https and inside the website s styles and scripts, the use of relative paths.

Also base_url:

Code:

$config['base_url'] = 'https://www.domain.com/';

Also if you are using curl to call external services either upload the .pem file in the server and pass it as a parameter on curl functions or set to 0 the followlocation option:

Code:

curl_setopt ($ch, CURLOPT_FOLLOWLOCATION, 0);

One thing remains.

With the current htaccess config
https://domain.com does not redirect to https://www.domain.com

What should I do ?