Settings for https

From GeeklogWiki
Revision as of 22:38, 2 January 2014 by Dirk (talk | contribs) (Documented settings to make work over https)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Settings for using https on

In Geeklog


  • Configuration > Geeklog Configuration > Site > Site: Make sure both "Site URL" and "Admin URL" use an URL starting with "https"
  • Configuration > Geeklog Configuration > Miscellaneous > Cookies: Set "Cookie Secure" to "True"

Templates, CSS, etc.

Make sure all images are references using https: URLs. Otherwise, browsers will warn their users about a mix of secure and insecure content on the page.

On the Server

In .htaccess, have this:

RewriteEngine On

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]

Note that the [L] is not strictly necessary for https to work, but will prevent issues with other rewrite rules, e.g. those that make sure always redirects to

Other Considerations

The above rewrite rule ensures that all links using http: will automatically redirect to their https: counterpart. Since this will cause another HTTP request, it's desirable to update old links - at least those in the database. The "Migrate" option in the install script should be able to do that.