How to force SSL?

#1

I want to force SSL to my webisite.
Eg: http://example.com to https://www.example.com

0 Likes

#2

There is an option you can add in your config.php, that will make Kirby redirect http requests to https.

c::set('ssl', true);
0 Likes

#3

You should do that in your server config file or your .htaccess

see: https://github.com/texnixe/kirby-secrets/blob/master/docs/htaccess.md

0 Likes

#4

FWIW, I had to use c::set('ssl', true);, and don’t mess with the .htaccess as it didn’t work on my hosting…

0 Likes

#5

I use this in .htaccess

RewriteEngine on
RewriteCond %{HTTP_HOST} !^(.*).local$
RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
0 Likes

#6

I think the order should be like this depending on your hosting:

  1. DNS redirect (if possible)
  2. server config redirect (if you have your own server)
  3. .htaccess (if the hosting allows to set this setting via .htaccess)
  4. PHP based redirect (as a last resort; Kirby config setting as proposed by @bvdputte)
0 Likes

#7

@texnixe What are the disadvantages of the PHP method?

0 Likes

#8

The other options kick in earlier. The PHP routes are great for more complicated logic, especially when working with Kirby objects.

0 Likes