Forum

Thread tagged as: Question, Configuration

SSL code configuration where to put it?

Where does this code go to force ssl on all pages and can it be used to force ssl to the non or www address?

<?php PerchSystem::force_ssl(); ?>
Carol Swinehart

Carol Swinehart 0 points

  • 4 years ago
Duncan Revell

Duncan Revell 78 points
Registered Developer

4 years ago

Hi Carol,

I believe the idea behind that function was to enable only certain pages to be forced to SSL. If you're looking to make the whole site use SSL, then investigate using Apache/your choice of webserver to handle it.
Hussein Al Hammad

Hussein Al Hammad 105 points
Registered Developer

4 years ago

Hello Carol,

Check out this post from the Perch Blog: Perch and SSL

If you want most or all of your pages delivered via SSL then you could add this to an include that is added to all of your pages – just make sure it is included before anything is output to the browser.

Alternatively, you can force SSL via your .htaccess file like so:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The advantage of handling this with PerchSystem::force_ssl() instead of .htaccess is SSL doesn't have to be forced in all your environments (dev, staging and production). This point is also discussed in the blog post linked above.
Carol Swinehart

Carol Swinehart 0 points

4 years ago

I need something that will take the www address to the non www secure address. Will your code do that>Hussein Al Hammad said: >

Hello Carol,

Check out this post from the Perch Blog: Perch and SSL

If you want most or all of your pages delivered via SSL then you could add this to an include that is added to all of your pages – just make sure it is included before anything is output to the browser.

Alternatively, you can force SSL via your .htaccess file like so:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

The advantage of handling this with PerchSystem::force_ssl() instead of .htaccess is SSL doesn't have to be forced in all your environments (dev, staging and production). This point is also discussed in the blog post linked above.
Hussein Al Hammad

Hussein Al Hammad 105 points
Registered Developer

4 years ago

Could you clarify further?

If I'm understanding you correctly, you want to redirect https://www.example.com to https://example.com. Is this correct?
Carol Swinehart

Carol Swinehart 0 points

4 years ago

Yes and https://www.example.com to https://example.com

Hussein Al Hammad said:

Could you clarify further?

If I'm understanding you correctly, you want to redirect https://www.example.com to https://example.com. Is this correct?
Hussein Al Hammad

Hussein Al Hammad 105 points
Registered Developer

4 years ago

In your .htaccess file, you can use the following:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R=301,L]

This should remove www and force SSL for all pages.

Note that this solution doesn't utilise PerchSystem::force_ssl() so you probably need different .htaccess file for each environment (dev, staging and production).
Carol Swinehart

Carol Swinehart 0 points

4 years ago

Thanks