Redirect to HTTPS

Problem Description

After the AWESOME work that has been done with lets-encrypt, I need to know if there is a way to automatically redirect to HTTPS. Apologies I’m a terrible sysadmin.

Any Error Messages

None

Environment

  • Sympl Version [9.0/10.0]: 10
  • Sympl Testing Version? [Yes/No] no
  • Debian Version [Buster/Stretch]: Stretch
  • Hardware Type? [Dedicated/Virtual/Pi] VM
  • Hosted On? [name of hosting co] mythic-beasts

Sure, that’s an easy one: just create an empty file named ssl-only in /srv/example.com/config and run sudo sympl-web-configure --verbose to make the change happen immediately.

https://wiki.sympl.host/view/Website_Configuration_Reference#Enforcing_HTTPS has all the details, and also info about turning on HSTS.

There is one thing that can go wrong here. If your site has an application that redirects, then it’s probably redirecting the wrong way, from https to http. For example, you could have a Wordpress site that thinks it’s http://example.com - you’d need to change that to https://example.com. And then you might not need sympl to do the redirection for you.

Also, it looks like sympl has separated out HSTS from redirection. If I recall correctly, Symbiosis used to enable HSTS with ssl-only. I’d recommend that you should only enable HSTS once you’re confident that ssl-only is working properly, and that certificates are being renewed. Enabling HSTS is a one-way street. It’s a good security option, but if you find something going wrong with ssl, then you can’t revert because all your visitors’ browsers will refuse to use a non-ssl version of the site.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.