How to force SSL?

I want to force SSL to my webisite.
Eg: http://example.com to https://www.example.com

There is an option you can add in your config.php, that will make Kirby redirect http requests to https.

c::set('ssl', true);

You should do that in your server config file or your .htaccess

see: https://github.com/texnixe/kirby-secrets/blob/master/docs/htaccess.md

FWIW, I had to use c::set('ssl', true);, and don’t mess with the .htaccess as it didn’t work on my hosting…

I use this in .htaccess

RewriteEngine on
RewriteCond %{HTTP_HOST} !^(.*).local$
RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]

I think the order should be like this depending on your hosting:

  1. DNS redirect (if possible)
  2. server config redirect (if you have your own server)
  3. .htaccess (if the hosting allows to set this setting via .htaccess)
  4. PHP based redirect (as a last resort; Kirby config setting as proposed by @bvdputte)

@texnixe What are the disadvantages of the PHP method?

The other options kick in earlier. The PHP routes are great for more complicated logic, especially when working with Kirby objects.

@neemmeek Are you on Kirby 2 or 3? This should actually work automatically.

On Kirby 2, you could also try and enforce http in your config.php:

c::set('ssl', true);

https://k2.getkirby.com/docs/cheatsheet/options/ssl

(Note that there is no such setting for Kirby 3)

What if you set the url as well:

c::set('url', 'https://yourdomain.test');

Ah, I first thought the stylesheets didn’t get loaded, but it’s an issue with your fonts. How do you load them? Could you provide a link to the site?

When looking at source, error in console:

Mixed Content: The page at ‘https://naammaak.nl/’ was loaded over HTTPS, but requested an insecure stylesheet ‘http://fonts.googleapis.com/css?family=Righteous&subset=latin,latin-ext’. This request has been blocked; the content must be served over HTTPS.

How do I change the http://fonts.goo… into https? I know how to edit a “normal” html index page but how does that work with Kirby?

Open an editor and edit the template/snippet (probably /site/snippets/header.php), change http:// to https:, save, upload.

It worked. Thank you. You made my day!

P.s. Please be informed that I deleted the previous replies because as a new member I’m only allowed to add 3 replies… Thanks again for helping me out.

1 Like