Settings for https
From GeeklogWiki
Revision as of 22:38, 2 January 2014 by Dirk (talk | contribs) (Documented settings to make geeklog.net work over https)
Contents
Settings for using https on geeklog.net
In Geeklog
Configuration
- Configuration > Geeklog Configuration > Site > Site: Make sure both "Site URL" and "Admin URL" use an URL starting with "https"
- Configuration > Geeklog Configuration > Miscellaneous > Cookies: Set "Cookie Secure" to "True"
Templates, CSS, etc.
Make sure all images are references using https: URLs. Otherwise, browsers will warn their users about a mix of secure and insecure content on the page.
On the Server
In .htaccess, have this:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
Note that the [L] is not strictly necessary for https to work, but will prevent issues with other rewrite rules, e.g. those that make sure geeklog.net always redirects to www.geeklog.net
Other Considerations
The above rewrite rule ensures that all links using http: will automatically redirect to their https: counterpart. Since this will cause another HTTP request, it's desirable to update old links - at least those in the geeklog.net database. The "Migrate" option in the install script should be able to do that.