Support

Do you have specific documentation on using Admintools and SSL certificates ?

I need to pass an existing http site to https and what to know how it will work with Admintools

I’m using .htaccess Maker to produce the first htaccess but I add my own custom code at few points.


• One point that I really worry about is my actual 301 www to non-www redirection

##### Redirect index.php to / -- BEGIN
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^index\.php$ http%2://mysite.com/ [R,L]
##### Redirect index.php to / -- END
##### Redirect www to non-www -- BEGIN
# HTTP
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# HTTPS
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !=http
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
##### Redirect www to non-www -- END

• Do I have other things to be worry about ?


Thanks in advance!

The actual conversion from http to htttps is handled by Joomla!. Go to the Global Configuration screen and set the entire site to secure. There is a setting in .htaccess Maker. all the way at the bottom of the screen, set "HSTS Header (for HTTPS-only sites)" to Yes.

You can redirect index.php to the roor from within .htaccess Maker, you can also forward www to non-www from there. If you don't use the built in code, just put your custom code in .htaccess Maker so it survives when you re-generate the file.

Thanks Dale
Ok,
a) Joomla handle the redirect
b) set "HSTS Header (for HTTPS-only sites)" to Yes in htaccessMaker

What I see in a SSL Admintools generated in (b)...) htaccess

1• This part stay the same/same place in a non-ssl htaccess

##### Redirect index.php to / -- BEGIN
RewriteCond %{THE_REQUEST} !^POST
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteCond %{SERVER_PORT}>s ^(443>(s)|[0-9]+>s)$
RewriteRule ^index\.php$ http%2://mysite.com/ [R=301,L]
##### Redirect index.php to / -- END

Well I did have an error in my first example
—> http%2://mysite.com/ [R,L] to http%2://mysite.com/ [R=301,L]

2• the following code for the ##### Redirect www to non-www -- BEGIN is modified

This following part is gone and replace by the HTTP to HTTPS redirection that go just under the first “RewriteEngine” in the SSL version

The part gone in the SSL version

# HTTP
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# HTTPS
RewriteCond %{HTTPS} =on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} !=http

3• This part stay the same/same place
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
##### Redirect www to non-www -- END

4• On top of the SSL version, you find now.

##### RewriteEngine enabled - BEGIN
RewriteEngine On
##### RewriteEngine enabled - END

##### HTTP to HTTPS redirection
## Since you have enabled HSTS the first redirection rule will instruct the browser to visit the HTTPS version of your
## site. This prevents unsafe redirections through HTTP.
RewriteCond %{HTTPS} !=on [OR]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule .* https://mysite.com%{REQUEST_URI} [L,R=301]

QUESTION: Can you confirm that the url in this line is “https://mysite.com” in a live situation — I ask because testing on localhost it was https://localhost”

RewriteRule .*https://mysite.com%{REQUEST_URI} [L,R=301]

Regular expressions are not my friend so I had to get some help from Nicholas and Davide. They said that this will be fine on the live site, but they don't recommend trying to set up and test on your development site.

Yes, me to, regular expression are not my forte. Thanks for the confirmation. What I describe here is the way hatches maker handle SSL. I didn’t had any custom code.

You can close that ticket and again thank you for the help.

You're welcome!