Settings for https

From GeeklogWiki
Revision as of 22:38, 2 January 2014 by Dirk (talk | contribs) (Documented settings to make geeklog.net work over https)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Settings for using https on geeklog.net

In Geeklog

Configuration

  • Configuration > Geeklog Configuration > Site > Site: Make sure both "Site URL" and "Admin URL" use an URL starting with "https"
  • Configuration > Geeklog Configuration > Miscellaneous > Cookies: Set "Cookie Secure" to "True"

Templates, CSS, etc.

Make sure all images are references using https: URLs. Otherwise, browsers will warn their users about a mix of secure and insecure content on the page.


On the Server

In .htaccess, have this:

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

Note that the [L] is not strictly necessary for https to work, but will prevent issues with other rewrite rules, e.g. those that make sure geeklog.net always redirects to www.geeklog.net


Other Considerations

The above rewrite rule ensures that all links using http: will automatically redirect to their https: counterpart. Since this will cause another HTTP request, it's desirable to update old links - at least those in the geeklog.net database. The "Migrate" option in the install script should be able to do that.