SitePoint Sponsor

User Tag List

Results 1 to 12 of 12

Hybrid View

  1. #1
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question I've read until nothing makes sense. Need help redirect sites to https

    I'm teaching myself how to do web pages and web hosting on an inexpensive small scale for local artists.

    I have an unlimited storage, unlimited bandwidth hosting account with Go Daddy.

    I host 3 others at this point under my umbrella. I needed a better ssl certificate than the free one. The one I bought is good for me, the host, and 4 others.

    With the help of a person at GoDaddy, I used their dashboard to redirect 3 sites to https. It didn't work.

    I would like anyone going to these 3 sites, no matter what they type to end up at, for instance, https://www.mysite.com so that the blue bar shows up in the URL bar.

    The other two have their own domain, but are located under mine. I use Dreamweaver CS5 so I edit the sites in separate directories but the edited code always ends up in their folders under mine.

    I hope I'm making sense. Go Daddy said I have to figure it out myself more or less. Well, not all of them, but...

  2. #2
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Welcome to Sitepoint JMCarrigan.

    To try to help, I would organize the thing us speak into these areas:
    • Your web server needs to be configured with Multi-Site SSL certificate, that latter could be used on the sites that you need to be protected under SSL. While this does not have much to do with redirection, it is something that you will need to have.
    • Using DNS (Domain Name Service) you can perform redirects so if I ask for www.abc.com my request is queried at a DNS server and it says 'Oh, I need to route this to www.efg.com')
    • If you are using Apache as your web server, you can redirect to enforce use of HTTPS using mod_rewrite. You can find great information on one of our form member - DKLynn's - site. Look for the section Enforce Secure Server. It would also be worth while spending some time on that same page to get yourself familiarized with mod_rewrite.

    Regards,
    Steve
    ictus==""

  3. #3
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for taking the time to respond ServerStorm. I do have a multi-site SSL certificae issued by Go Daddy. (Standard Multiple Domain (UCC) SSL Up to 5 Domains ) I have read the various articles you speak of, especially Enforce Secure Server.

    That's what I meant by "I've read until nothing makes sense. Need help TO redirect sites to https".

    I will continue to try and understand it for as long as it takes. 12 days so far as I squeeze in quite a few other tasks. There is no store up yet because I haven't got all the product information yet AND I'm learning the cart making business, both the easy and the hard.

    Again, thank you.

  4. #4
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Quote Originally Posted by JMCarrigan View Post
    Thanks for taking the time to respond ServerStorm. I do have a multi-site SSL certificae issued by Go Daddy. (Standard Multiple Domain (UCC) SSL Up to 5 Domains ) I have read the various articles you speak of, especially Enforce Secure Server.

    That's what I meant by "I've read until nothing makes sense. Need help TO redirect sites to https".

    I will continue to try and understand it for as long as it takes. 12 days so far as I squeeze in quite a few other tasks. There is no store up yet because I haven't got all the product information yet AND I'm learning the cart making business, both the easy and the hard.

    Again, thank you.
    Hi,

    Ok, can you answer this? Do you want a user to type in http://www.thisdomain.com and another user to type in http://www.anotherdomain.com and to both be redirected to https://www.mydomain.com? Or do you need http://www.thisdomain.com to redirect to https://www.thisdomain.com and http://www.anotherdomain.com to redirect to https://www.anotherdomain.com?

    If you can describe more concretely the way you want the redirects to work, we can help recommend if mod_rewrite or DNS should be used.

    We will try to help get you sorted out

    Regards,
    Steve
    ictus==""

  5. #5
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Woosh. I go run some errands and poof!

    Anyway, the second choice is what I am trying to get to happen.

    I need http://www.thisdomain.com to redirect to https://www.thisdomain.com and http://www.anotherdomain.com to redirect to https://www.anotherdomain.com?

    I would like for even just www.thisdomain.com to redirect to https://.... OR even just thisdomain.com to redirect to https://...etc

    They all go to the correct site(s) - they just aren't "blue bar" https secure. Thanks loads.

    What a pleasant surprise to hear back and so soon.

  6. #6
    Foozle Reducer ServerStorm's Avatar
    Join Date
    Feb 2005
    Location
    Burlington, Canada
    Posts
    2,699
    Mentioned
    89 Post(s)
    Tagged
    6 Thread(s)
    Hi JMCarrigan,

    Do you know if you can use .htaccess, most likely you can, so try this:
    1) In the root directory of each domain - i.e. /var/www/thisdomain/ - create a blank text file call .htaccess
    2) In each .htaccess file you need to do the following but changing to the appropriate domain:
    Code:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80  # Any request that goes to port 80 (http) 
    RewriteRule ^(.*)$ https://www.thisdomain.com/$1 [R,L] #Rewrite it to https

    Do you really need to use https for all requests it creates more overhead in apache. Could you instead specify only the pages you need to have as https?

    I hope this helps. I can't be called close to a mod_rewrite expert, but I've been learning. This worked when I tested it.

    Regards,
    Steve
    ictus==""

  7. #7
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by ServerStorm View Post
    Hi JMCarrigan,

    Do you know if you can use .htaccess, most likely you can, so try this:
    1) In the root directory of each domain - i.e. /var/www/thisdomain/ - create a blank text file call .htaccess
    2) In each .htaccess file you need to do the following but changing to the appropriate domain:
    Code:
    RewriteEngine On
    RewriteCond %{SERVER_PORT} 80  # Any request that goes to port 80 (http) 
    RewriteRule ^(.*)$ https://www.thisdomain.com/$1 [R,L] #Rewrite it to https

    Do you really need to use https for all requests it creates more overhead in apache. Could you instead specify only the pages you need to have as https?

    I hope this helps. I can't be called close to a mod_rewrite expert, but I've been learning. This worked when I tested it.

    Regards,
    Steve

  8. #8
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I've had to delete everyone of the .htaccess files to get everything back.

    I think I have attached an image captured from the FileZilla interface. It shows the directory structure.

    Even the nyebeach.org site stopped working while all this was on. Curiouser and curiouser. Thanks.

    OOPS> I wonder if my cut and paste put some code in it that it shouldn't. I cut your example from an email notice..

  9. #9
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I thought that was it. I'm gonna try something else about the way I did this. I get the following for all my hosted sites:

    Internal Server Error

    The server encountered an internal error or misconfiguration and was unable to complete your request.

    Please contact the server administrator and inform them of the time the error occurred, and anything you might have done that may have caused the error.

    More information about this error may be available in the server error log.
    Apache Server at www.slimdangdoo.com Port 443

  10. #10
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I just noticed that when a bookmark/shortcut/favorite is written for the three sites with https in, two start secured; mine doesn't completely.

    2 start and they say they are secured with a high grade encryption. Mine just flashes blue in the url line and says its only partially encrypted.

  11. #11
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,671
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    JC/SS,

    Sorry to come late to your party!

    @JC, Using hosting with GoDaddy is your first error. They are notorious for being a terrible host (albeit a good registrar). There are so many posts here complaining about GoDaddy that it's surprising to find members still being aboused by them.

    Hosting with unlimited anything is (a) a misnomer (because there is no such thing) and (b) an indication that you're using shared hosting (and a shared IP Address - which cannot be used with a secure server certificate).

    Secure server certificates are not cheap! Multi-domains are even more expensive. Of course, you bought from GD so they're outside GD's core business and likely not to do anything useful but allow you to use encryption. Personally, I "share" my own secure server certificate with clients as a cost-saving measure for them (both the cert and required IP Address are yearly charges) with the only downside that the URL for their using my cert includes my domain and their directory in the path to their secure file(s).

    Now, it appears that you want the entire websites encrypted (in transmission): Why? That seems to be an abuse of the secure server as it's normally reserved for handling sensitive information. For example, look at ZenCart's parsing of links into secure and non-secure handling.

    SS directed you to the mod_rewrite tutorial linked in my signature where I have mod_rewrite code to direct to https in a universal manner as well as selectively (which I recommend). Did you bother to read any of that?

    An Internal Server Error is normally the sign that you've had a syntax error in your .htaccess file. Check that carefully and, if you can't spot the error, comment out the entire file then uncomment a line at a time to discover the culprit.

    Partial encryption says that you've included files which are not encrypted. To me, that says that you're using absolute links within the scripts loaded which are http://yadda.yadda/unsecured. Have a look through your code for something like that.

    You might benefit from reading the mod_rewrite tutorial linked in my signature as it contains explanations and sample code. It's helped may members and should help you, too.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  12. #12
    SitePoint Member
    Join Date
    Jun 2012
    Location
    Newport, OR
    Posts
    8
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    JC/SS,

    Sorry to come late to your party!

    @JC, Using hosting with GoDaddy is your first error.............
    You might benefit from reading the mod_rewrite tutorial linked in my signature as it contains explanations and sample code. It's helped may members and should help you, too.

    Regards,

    DK
    As I said, I've read/studied everything I could for the past 12 days and tried to comprehend it. I'm only now becoming aware that one "should" only secure the pages when needed for credit cards, etc.

    Um. Go Daddy has been great so far, but what do I know. I shall continue to persevere. Again, I will continue to study. and RE-read various tutorials. Thanks for your time.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •