Hello

I have installed backdrop CMS 1.9.1 and the I enable Let's encypt with cPanel

But my site is not secured with https, how can enable https

thank you

Accepted answer

It sounds like you have SSL installed and set up but you want to make sure that the site requires visitors to use SSL, is that right?

If so, you can add a few lines to your .htaccess file to do so. Underneath the "RewriteEngine on" line, add:

# Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

Most helpful answers

Here are three good tools for setting up HTTPS/SSL on your Backdrop site:

  1. Tell backdrop to deliver pages via HTTPS by checking the box for "Use HTTPS for canonical URLs" under Configuration > URL Handling > URL Settings.
  2. Redirect all incoming traffic from HTTP to HTTPS via .htaccess (see above) if you are on Apache
  3. Set  $base_path in settings.php and include https

Comments

It sounds like you have SSL installed and set up but you want to make sure that the site requires visitors to use SSL, is that right?

If so, you can add a few lines to your .htaccess file to do so. Underneath the "RewriteEngine on" line, add:

# Force SSL
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

 

Thank for sharing Laryn,

searching in drupal i found these settings, i think they work,

# Take advantage of HSTS if it's available & the request was over https.
  Header always set Strict-Transport-Security "max-age=3456000; includeSubDomains" env=HTTPS

  # Force all traffic to be https & strip 'www.' prefix.
  RewriteCond %{HTTP_HOST} ^www\. [NC,OR]
  RewriteCond %{HTTPS} off
  RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
  RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]

 

drop's picture

Here are three good tools for setting up HTTPS/SSL on your Backdrop site:

  1. Tell backdrop to deliver pages via HTTPS by checking the box for "Use HTTPS for canonical URLs" under Configuration > URL Handling > URL Settings.
  2. Redirect all incoming traffic from HTTP to HTTPS via .htaccess (see above) if you are on Apache
  3. Set  $base_path in settings.php and include https
drop's picture

are you recommending doing all three

Yes, I'm recommending all three! :)