Log in

How can I force https every time in my elgg site ?

Nirmalya Sikdar
By Nirmalya Sikdar

https://safalaya.com/How can I force https every time in my elgg site ? . I am using elgg - 6.1.5 

my htaccess file

# Elgg htaccess directives

# Don't allow MultiViews
Options -MultiViews

# Don't allow listing directories
Options -Indexes

# Follow symbolic links
Options +SymLinksIfOwnerMatch

# Default handler
DirectoryIndex index.php

############################
# BROWSER CACHING
############################

# Make sure .ico has proper MIME type, allowing mod_expires to handle them.
<IfModule mod_mime.c>
    AddType image/vnd.microsoft.icon .ico
</IfModule>

# The expires module controls the Expires and Cache-Control headers. Elgg sets
# these for dynamically generated files so this is just for static files.
<IfModule mod_expires.c>
     ExpiresActive On
     ExpiresDefault "access plus 1 year"
</IfModule>

# Conditional requests are controlled through Last-Modified and ETag headers.
# Elgg sets these on dynamically generated cacheable files so this is just for
# static files. Note: Apache sends Last-Modified by default on static files so
# I don't think we need to be sending ETag for these files.
<FilesMatch "\.(jpg|jpeg|gif|png|mp3|flv|mov|avi|3pg|html|htm|swf|js|css|ico)$">
    FileETag MTime Size
</FilesMatch>

############################
# PHP SETTINGS
############################
<IfModule mod_php.c>
    # If using PHP 8+
    # limit the maximum memory consumed by the php script to 64 MB
    php_value memory_limit 64M
    # post_max_size is the maximum size of ALL the data that is POST'ed to php at a time (8 MB)
    php_value post_max_size 2100M
    # upload_max_filesize is the maximum size of a single uploaded file (5 MB)
    php_value upload_max_filesize 2048M
    # on development servers, set to 1 to display errors. Set to 0 on production servers.
    php_value display_errors 0
</IfModule>

############################
# COMPRESSION
############################

# Turn on mod_gzip if available
<IfModule mod_gzip.c>
    mod_gzip_on yes
    mod_gzip_dechunk yes
    mod_gzip_keep_workfiles No
    mod_gzip_minimum_file_size 1000
    mod_gzip_maximum_file_size 1000000
    mod_gzip_maximum_inmem_size 1000000
    mod_gzip_item_include mime ^text/.*
    mod_gzip_item_include mime ^application/javascript$
    mod_gzip_item_include mime ^application/x-javascript$
    # Exclude old browsers and images since IE has trouble with this
    mod_gzip_item_exclude reqheader "User-Agent: .*Mozilla/4\..*\["
    mod_gzip_item_exclude mime ^image/.*
</IfModule>

## Apache2 deflate support if available
##
## Important note: mod_headers is required for correct functioning across proxies.
##
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript image/svg+xml
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.[0678] no-gzip
    BrowserMatch \bMSIE !no-gzip
    <IfModule mod_headers.c>
        Header append Vary User-Agent env=!dont-vary
    </IfModule>

    # The following is to disable compression for actions. The reason being is that these
    # may offer direct downloads which (since the initial request comes in as text/html and headers
    # get changed in the script) get double compressed and become unusable when downloaded by IE.
    SetEnvIfNoCase Request_URI action\/* no-gzip dont-vary
    SetEnvIfNoCase Request_URI actions\/* no-gzip dont-vary
</IfModule>

############################
# REWRITE RULES
############################
<IfModule mod_rewrite.c>
    RewriteEngine on

    # If Elgg is in a subdirectory on your site, you might need to add a RewriteBase line
    # containing the path from your site root to elgg's root. e.g. If your site is
    # http://example.com/ and Elgg is in http://example.com/sites/elgg/, you might need
    # RewriteBase /
    #
    # here, only without the # in front.
    #
    # If you're not running Elgg in a subdirectory on your site, but still getting lots
    # of 404 errors beyond the front page, you could instead try:
    #
    #RewriteBase /

    # If your users receive the message "Sorry, logging in from a different domain is not permitted"
    # you must make sure your login form is served from the same hostname as your site pages.
    # See http://learn.elgg.org/en/stable/appendix/faqs/general.html#login-token-mismatch for more info.
    #
    # If you must add RewriteRules to change hostname, add them directly below (above all the others)
    # explicitly allow access for the .well-known directory
    RewriteRule "^.well-known/" - [L]

    # hide all dot files/dirs (.git)
    RewriteRule (^\.|/\.) - [F]

    # Prevent access to the composer.json and .lock file
    RewriteRule /?(composer\.json|composer\.lock)$ - [F]

    # Optional hardening rules to block access to files in the following directories
    # The following conditions can be enabled, when enabling at least one the last three lines NEED to be enabled
    RewriteCond %{REQUEST_URI} ^/actions/ [OR]
    RewriteCond %{REQUEST_URI} ^/bower_components/ [OR]
    RewriteCond %{REQUEST_URI} ^/elgg_config/ [OR]
    RewriteCond %{REQUEST_URI} ^/engine/ [OR]
    RewriteCond %{REQUEST_URI} ^/grunt/ [OR]
    RewriteCond %{REQUEST_URI} ^/install/ [OR]
    RewriteCond %{REQUEST_URI} ^/languages/ [OR]
    RewriteCond %{REQUEST_URI} ^/vendor/ [OR]
    RewriteCond %{REQUEST_URI} ^/mod/(.*)/actions/ [OR]
    RewriteCond %{REQUEST_URI} ^/mod/(.*)/languages/ [OR]
    RewriteCond %{REQUEST_URI} ^/mod/(.*)/vendor/ [OR]
    RewriteCond %{REQUEST_URI} ^/mod/(.*)/classes/ [OR]
    # The following condition is needed in order to easily enable (some of the) previous conditions
    RewriteCond 1 2

    # The following files are whitelisted for the installer
    RewriteCond %{REQUEST_URI} !/vendor/npm-asset/jquery/dist/jquery.min.js
    RewriteCond %{REQUEST_URI} !/vendor/elgg/elgg/views/default/graphics/elgg_logo.png
    RewriteCond %{REQUEST_URI} !/vendor/elgg/elgg/views/default/graphics/favicon.ico
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^(.*)$ - [F,L]

    # Everything else that isn't a file gets routed through Elgg
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>

 

What change I have to make here

  • Nikolai Shcherbin
    Nikolai Shcherbin 
    # HTTP to HTTPS
# Exclude subdomains
RewriteCond %{HTTP_HOST} ^(www\.)?safalaya\.com\/$ [NC]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.safalaya.com%{REQUEST_URI} [NC,L,R]

# Add WWW on SSL
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [NC,L,R]

    Learn more: 1, 2, 3, 4

Elgg Technical Support

Elgg Technical Support

Get support from other Elgg users

Navigation

Contact

info@elgg.org

Security issues should be reported to security@elgg.org!

Legal

©2014 the Elgg Foundation

Elgg is a registered trademark of Thematic Networks.

Cover image by RaĆ¼l Utrera is used under Creative Commons license.

Icons by Flaticon and FontAwesome.