I have a number of subdomains that I am slowly converting over to use https only. Since I need to create an .htaccess file to redirect from http to https (as per here), can I create a single app containing that .htaccess file and simply reuse it for all my redirect website records? Is there any potential danger in doing it this way, or do I really need to have a separate app for each redirect website record? asked 26 Sep '18, 00:07 kjodle |
I reuse a single app for all http -> https redirects. I have been unable to think of any risk in doing so. answered 26 Sep '18, 00:14 williaminwi can you provide an example of how to accomplish this?
(29 Oct '18, 05:57)
baba
You have to do exactly what you described in your question. Create a RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} !^/(.well-known)(/|$) RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} Then create an http website, add all the domains and subdomains you want to redirect to https and only attach the application you've created above. Every http request of a domain or subdomain on the list will be redirected to the exact same https url.
(29 Oct '18, 09:16)
iliasr ♦♦
thanks. it seems to work for one site but not the other. do i need to enable Lets Encrypt for each site that i will be redirecting via redirect_to_https app?
(29 Oct '18, 17:42)
baba
You need to make sure the URI /.well-known/acme-challenge/ is not being redirected by your application code.
(29 Oct '18, 21:06)
johns ♦♦
@iliasr @johns I can see that a new line was added to the recommended redirect rule:
(31 Oct '18, 19:29)
teks
1
Let's Encrypt challenges happen over http. We added that condition in our documentation to make sure that requests for any The The
(01 Nov '18, 14:30)
iliasr ♦♦
@iliasr Thank you for the throughout explanation! I already issued the Let's Encrypt SSL, do you recommend that I add the new condition to the htaccess of my redirect app as well? or is it not necessary for the cert renewal process? (only for the initial validation maybe?)
(01 Nov '18, 16:14)
teks
1
Yes, that should be added to your redirect application as well. Just above the ReWrite rule as shown in our documentation here
(01 Nov '18, 16:22)
bmeyer71 ♦♦
Please consider updating @iliasr 's answer to reflect the latest recommended htaccess code (which is now different) or include a link to the docs page so other people reading this can be aware of the new changes: https://docs.webfaction.com/software/static.html#static-redirecting-from-http-to-https
(21 Nov '18, 22:59)
teks
showing 5 of 10
show 5 more comments
|