Hi,
I have had an SSL certificate installed on my server and successfully changed the URLto https in the config.php file.
However, when navigating to my site, I get the message "For security reasons only https connections are allowed, sorry."
This isn't ideal as visitors are likely to move away when they get that message.
How can I force a redirect from http to https to avoid this problem?
Thanks for your help.
Carolyn
I've managed to sort this by creating a new .htaccess file in my root directory and adding the following:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ {SERVER_NAME}/$1 [R,L]
Hi Eduardo, the root directory is the one that your web server is serving the moodle files from. It's the same one that you put the main moodle code files in, ie: where config.php and index.php reside.
Hello,
Here i can tell you the code it may helps you.
To redirect http URLs to https, do the following:
<VirtualHost *:80>
ServerName www.example.com
Redirect / https://www.example.com/
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost>MadisonQuinn
(Edited by Helen Foster to remove signature, since they are not allowed in the forums according to the moodle.org site policy - original submission Tuesday, 27 June 2017, 9:55 AM)
To improve and generalize Madison's example to make a generic line you can put in, if you are using Apache, the Redirect / part could be replaced with the below:
RewriteEngine on
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
This way if they went to the non-https version, http://www.example.com/course1/activity1 it would instead take them to https://www.example.com/course1/activity1 rather than https://www.example.com, making their shortcut become a secure one transparently without them having to re-do it.
How would we adapt this for our setup, where we changed http://moodle.ourdomain to https://moodle.srv.ourdomain (to use the wildcard certificate that IT migrated loads of other webapps to).
That seems strange to me. You should be able to use DNS to keep the same url. But you should still be able to rewrite it - just have the original url in the first part and the new one in the second part...
Normally, when creating a CSR to submit to a CA, one has to generate a server key. That key not shared with any other server as it's supposed to be unique for that server. That key is paired with the CRT generated by the CA.
Acquire the global/entity/domain key file and global/entity/domain crt and use it as the key/crt on your Moodle server.
The keys and crt's must match ... one can check this with the following commands (replacing filenames for your setup):
openssl x509 -noout -modulus -in certs/STAR_tcea_org.crt | openssl md5 > crtmodulus;
openssl rsa -noout -modulus -in private/tcea.key | openssl md5 > keymodulus;diff crtmodulus keymodulus
openssl x509 -noout -modulus -in certs/STAR_tcea_org.crt | openssl md5;
openssl rsa -noout -modulus -in private/tcea.key | openssl md5;
The modulus outputs are short lines that match - beginning character and every character in the line exactly equal to the other line.
Also, the entity from which you acquired the CRT's should have some customer directions for how to install their certs. Have noticed some differences between CA's in installing certs on Linux platform with Apache server. They usually don't mention NginX or other.
Might want to check that info.
'spirit of sharing', Ken
Hi Dave, if you are looking for the apache redirect string, something like the below should work, replacing what the definition for moodle.ourdomain was before. You would also need the new moodle.srv.ourdomain virtualhost also.
<VirtualHost *:80>
ServerName moodle.ourdomain
RewriteEngine On
RewriteRule (.*) https://moodle.srv.ourdomain%{REQUEST_URI} [R=301,L]
#possible other stuff here depending on your config
</VirtualHost>
Hi,
There are 2 methods to redirect website http to https.
You can use this code and edit .htaccess file to move from Http to Https,
Please add this to the .htaccess file
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Method :2 - Using PHp Function
< ?php
function redirectTohttps() {
if($_SERVER[‘HTTPS’]!=”on”) {
$redirect= “https://”.$_SERVER[‘HTTP_HOST’].$_SERVER[‘REQUEST_URI’];
header(“Location:$redirect”); } }
?>
Thanks,Yuvan
(Edited by Helen Foster to remove signature, since they are not allowed in the forums according to the moodle.org site policy - original submission Wednesday, 18 October 2017, 11:54 AM)
Hello There!
Will this work on IIS 10? I have my server running in IIS and I just updated it to 3.3.3.
Thanks in advance!
J.Guzman
Can you not just stick an .htaccess file into the site root with:
RewriteEngine On
RewriteClond % 80
RewriteRule ^(. \*)$ HTTPS://moodle.site.url/$1 [R, L]
Dave
Add the below code to the .htaccess file
Options +SymLinksIfOwnerMatch
RewriteEngine On
RewriteCond %{SERVER_PORT} !=443
RewriteRule ^ https://[your domain name]%{REQUEST_URI} [R,L]
Where [your domain name] is your website's domain name.
You can also redirect specific folders off of your domain name by replacing the last line of the code above with:
RewriteRule ^ https://[your domain name]/[directory name]%{REQUEST_URI} [R,L]saanvi s
(Edited by Helen Foster to remove signature link, since they are not allowed in the forums according to the moodle.org site policy - original submission Thursday, 28 September 2017, 1:32 PM)