How to successfully implement https [DROPLET]

[crnogorac081]

Hello,

here is tutorial how to successfully implement https on your website. Today there are many ways to get free certificate and use https on your website.

So far known steps are:

In config.php instead

Code: [Select]

define('WB_URL', 'http://my-domain.com');
Change "http" to "https"

Code: [Select]

define('WB_URL', 'https://my-domain.com');

Also in .htaccess

Code: [Select]

RewriteEngine On
## Redirect from non-www to www , and change to https
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

In addition to this, make a droplet

Code: [Select]

global $wb;
$wb->preprocess($wb_page_data);
$url = WB_URL;
$url = preg_replace("(^https?://)", "", $url );
$wb_page_data = str_replace('http://'.$url, '//'.$url, $wb_page_data);
return true;

It will change all links that are manually inserted in modeules (and not via WB_URL variable) to https.

This way you will not get warning in browser warning "Conection not secure. Parts of this page are not secure (such as images)."

If there is a better way for this fell free to modify the code.

[dbs]

Hi, this is the right way.
In the droplet or other modules you can remove the line

Code: [Select]

$wb->preprocess($wb_page_data);The line is outdated and without function.

[EPFI]

Hi,

We have company's web site implemented using Website baker. The issue is that site tries to load resources from unsecure side which causes mixed content errors in browser, see https://www.compressor.fi/ (doesn't work) vs http://www.compressor.fi/ (works). I'm new to this tool and couldn't find a place where these resource URI's are defined. Does anyone have an idea how this could be fixed?

I can not find correct path "config.php" which mentioned in the instructions

[crnogorac081]

config file is under root of your html folder

[hgs]

Two questions beforehand
Is there a valid certificate for the URL?
Is it linked to the URL?

I suspect that in the config.php the URL is entered in this form.
(Attention, no copy template!! I have masked the access data)

<?php
/*
 *** auto generated config file for 2.13.0
 *** WebsiteBaker 2.13.0
 *** created at 2021-05-30 12:23:09 Europe/Berlin
 */
// define('DEBUG', false);
define('DB_TYPE', 'mysqli');
define('DB_HOST', 'localhost');
define('DB_PORT', '3306');
define('DB_NAME', 'xxxxxxxxx');
define('DB_USERNAME', 'xxxxxxxx');
define('DB_PASSWORD', 'xxxxxxxxxxxxxxxx');
define('DB_CHARSET', 'utf8_unicode_ci');
define('TABLE_PREFIX', 'wb_');

define('WB_URL', 'http://www.compressor.fi); // no trailing slash or backslash!!
define('ADMIN_DIRECTORY', 'admin'); // no leading/trailing slash or backslash!! A simple directory name only!!

require __DIR__.'/framework/initialize.php';
// --- end of file ----------------------------------

This would have to be changed if the two questions were answered with yes.
The change, which are relevant for you, is shown "red" in the example

<?php
/*
 *** auto generated config file for 2.13.0
 *** WebsiteBaker 2.13.0
 *** created at 2021-05-30 12:23:09 Europe/Berlin
 */
// define('DEBUG', false);
define('DB_TYPE', 'mysqli');
define('DB_HOST', 'localhost');
define('DB_PORT', '3306');
define('DB_NAME', 'xxxxxxxxx');
define('DB_USERNAME', 'xxxxxxxx');
define('DB_PASSWORD', 'xxxxxxxxxxxxxxxx');
define('DB_CHARSET', 'utf8_unicode_ci');
define('TABLE_PREFIX', 'wb_');

define('WB_URL', 'https://www.compressor.fi); // no trailing slash or backslash!!
define('ADMIN_DIRECTORY', 'admin'); // no leading/trailing slash or backslash!! A simple directory name only!!

require __DIR__.'/framework/initialize.php';
// --- end of file ----------------------------------

[EPFI]

So I guess this (modifying config.php and .htaccess) is something that cannot be done using Website baker's web interface? I don't have access to the server at the moment.

[hgs]

Correct, this is only possible via FTP access.