HTTPS configuration for OctoberCMS

Question

Hi everyone here I am again. I have been looking for the correct https configuration for october so that when visitors type www.mywebsite.com, the brower will assume https:// to be the beginning instead.

I changed the linkPolicy to secure (I tried force too but not sure where is the app.url that it mentioned in the comment) and 'backendForceSecure' to true, it works on when I access www.mywebsite.com/backend (automatically access via https) but not www.mywebsite.com (still access via http). Please help.

@dragontree I do not think that helps but thanks for your input. There should be some configuration that we can set I believe... — warmjaijai, May 22 '17 at 09:03
As far as I know, there there is currently no such setting for the frontend in OctoberCMS, that is why I suggested using htaccess — dragontree, May 22 '17 at 09:32
Noted. Thanks a lot for your information. Really hope that OctoberCMS will be improved for these common requirements. — warmjaijai, May 23 '17 at 06:29

Behiry · Answer 1 · 2018-11-20T17:04:43.933

This solution worked for me.

1- Enable debug mode:

in config/app.php

'debug' => true,

2- Clear cache

3- Add those lines, in the .htaccess file at the root of your site :

    ## Force secure connection
    RewriteCond %{HTTP:X-Forwarded-Proto} =http [OR]
    RewriteCond %{HTTP:X-Forwarded-Proto} =""
    RewriteCond %{HTTPS} !=on
    RewriteRule ^https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

4- Modifiy the app.url in the /web/config/app.php file

    'app.url' => 'https://...',

score 0 · Answer 2 · answered May 30 '17 at 14:47

0

Still no solution for configure https in October CMS? I have nginx shared hosting with Let's encrypt certificate and linkPolicy='secure' still not work properly. How this CMS want to be popular if such a "small" problem can't be fix for 2 years (just check official forum and threads like "Routing over SSL", "Forcing SSL" etc. Using .htaccess is only workaround. F. ex. how to solve this in nginx (without .htaccess)? Buy another server?

answered May 30 '17 at 14:47

Zuba Eman

11
3

OctoberCMS is a very good CMS in my opinion but there is still a lot of space to be improved. I am also struggling a lot in looking for answers for some issues but no luck... – warmjaijai Jun 01 '17 at 06:05
And I dont think it is proper to ask questions by answering people's questions in Stackoverflow. You can choose to comment on it like what I do now instead. – warmjaijai Jun 01 '17 at 06:09

score 0 · Answer 3 · answered May 30 '17 at 15:08

Use .htaccess or configure your apache or ngix to use https and redirect all traffic to https. ngix: https://serverfault.com/questions/67316/in-nginx-how-can-i-rewrite-all-http-requests-to-https-while-maintaining-sub-dom

apache How to redirect all HTTP requests to HTTPS

Use htst headers

Strict-Transport-Security: max-age=31536000

https://www.owasp.org/index.php/HTTP_Strict_Transport_Security_Cheat_Sheet

In path/to/october/config/app.php set your url value to a https domain.

Thanks for your input but I yet to have the chance to try that out. — warmjaijai, Jun 01 '17 at 06:06

HTTPS configuration for OctoberCMS

3 Answers3