Manual Einrichtung Weiterleitung HTTPS/en
Aus EUserv Wiki
Languages: |
Deutsch • English |
Setting up a permanent HTTPS redirection
Inhaltsverzeichnis |
Setting up a permanent HTTPS redirection
General
If you operate a website where sensitive data are exchanged between the webserver and your website visitors, an HTTPS connection (Hypertext Transfer Protocol Secure) is always advisable to provide data security.
Learn here how to adapt your website to HTTPS without any additional plugins and what has to be considered therefore.
Requirements
Before setting up a HTTPS-redirect please comply with the following requirements:
- Equipped Webserver or rather Webspace, which is available via HTTP:// and HTTPS:/
- Run capable Website in Rootdirectory of your Webserver
- Installed SSL Certificate or use of shared SSL
- FTP-Login to staorage space of your Webserver to upload files
To protect your sensitive data you need a secure certficate (SSL) containing a qualified signature. EUserv offers the possibility to activate SSL support for subdomains of your webspace plan via customer panel. In this regard the following Wiki guide will offer some helpful information:
Kundencenter Webspace SSL-Support
Setting up a HTTPS redirect requires an Upload of files to your webserver via FTP.
Therefor please make sure to keep the following FTP Login data ready:
- FTP server address
- FTP username
- FTP password
If you already have arranged FTP accounts for your webspace, you will find FTP user data in EUserv customer panel. If you haven't arranged FTP accounts yet, you will get help in the following Wiki guide:
Creating FTP accounts
If you comply with all the requirements you can now set up HTTPS redirect by one of the following represented techniques. This kind of redirection is also called 301 Redirect.
How to redirect HTTP to HTTPS permanently
Overview of the techniques
To set up a redirect of your website from http:// to a secured URL with https://, you can use one of the following techniques:
- Using .htaccess - file in root directory of your webspace
- Using PHP with header redirect
- Using meta refresh tag in HTML
Redirect HTTP to HTTPS using .htaccess - file
General information about .htaccess files
The .htaccess file is a configuration file (text document), which should be created in root directory of your website. This directory also includes the files index.php and index.htm which has to be uploaded to your webspace via FTP after adaption.
General setup with .htaccess - file
Create a file named .htaccess with your favorite text editor. To call all sites of your domain via SSL connection you can set a corresponding entry in this .htaccess file in root directory of your domain. Therefore add the following source code in your .htaccess file. Replace <HOMEPAGE.DE> with your corresponding domain:
RewriteEngine On RewriteCond %{HTTP:X-SSL} !^1$ RewriteRule (.*) https://www.<HOMEPAGE.DE>$1 [R=301,L]
Upload this .htaccess file via FTP program (e.g. FileZilla) and your FTP user data to the root directory of your website.
Now your website will be redirected permanently to HTTPS via .htaccess file. The process is running in the background and thus invisible for your visitors. If the redirection doesn't work as requested please clear your browser cache.
Please notice: Faulty entries in .htaccess file may entail serious consequences. Changes of the .htaccess become effective directly after saving the document. Please provide a backup before making any changes!
Example for redirect HTTP to HTTPS using .htaccess - file
RewriteEngine On RewriteCond %{HTTP:X-SSL} !^1$ RewriteRule (.*) https://www.euserv.de$1 [R=301,L]
- The first line is necessary to activate the function for rewriting URLs in Apache webserver - The second line checks if the header for SSL encryption is set
- The third line contains the rule for rewriting URL
If condition of line 2 applies, all calls of any site will be redirected to https://www.euserv.de. With /$1 the original URL (e.g. impressum.html) will be added to the domain name. The parameter [L] indicates the end of rewriting URLs. Additional lines in the .htaccess file will be ignored.
Redirect HTTP to HTTPS using PHP via header redirect
General information about PHP header redirect
To setup a permanent redirection of HTTp to HTTPs with PHP, the source document must be a PHP file. If this condition is fulfilled, the PHP code will be written directly in the redirected document. To make these changes, you have to connect to your webspace via FTP.
General setup with PHP header redirect
A less complex but powerful possibility of redirection provides PHP and its function header().
Connect to your webspace via FTP program (e.g. FileZilla) and your FTP user data. Open the main site of your website (index.php). Add the following source code in the first line of your website which should be redirected. Replace <HOMEPAGE.DE> with your corresponding domain:
<?php if(empty($_SERVER['HTTP_X_SSL'])) { header("Location: https://www.<HOMEPAGE.DE>"); exit; } ?>
Save this file.
By adding this source code your website will be redirected permanently to HTTPS via header redirect with PHP. If the redirection doesn't work as requested please clear your browser cache.
Example for redirect HTTP to HTTPS using PHP header redirect
<?php if(empty($_SERVER['HTTP_X_SSL'])) { header("Location: https://www.euserv.de"); exit; } ?>
In this example any visitor, who called http://www.euserv.de will be automatically redirected to https://www.euserv.de. Furthermore it will be checked if the PHP variable for HTTPS is not set or is 0. In this case parsing of the actual document will be stopped by function exit(). This saves resources and doesn't cause a HTTP body.
Redirect HTTP to HTTPS using meta refresh tags in HTML
General information about meta refresh tag in HTML
A redirection via HTML is only recommended if a .htaccess file with permanent redirection is not possible or if you like to interconnect a welcome site or information site during redirection.
To set up a permanent HTTPS redirection you have to connect to your webspace via FTP.
General setup with meta refresh tag in HTML
Connect to your webspace via FTP program (e.g. FileZilla) and your FTP user data. Open the main site of your homepage (index.php). Add the following source code in the header area of this html file and replace <HOMEPAGE.DE> with your corresponding domain:
<head> ... <?php if(empty($_SERVER['HTTP_X_SSL'])) { ?> <meta http-equiv="refresh" content="0;URL='https://www.<HOMEPAGE.DE>'" /> <?php } ?> ... </head>
Save this file.
By adding this source code your website will be redirected permanently to HTTPS via meta refresh tag in HTML. If the redirection doesn't work as requested please clear your browser cache.
Hints:
The underlying source code arranges a redirection without any waiting time, because content="0...". If you like to present a short hint text for redirection or activate fade-in adverts or welcome information, please feel free to hand over a desired time line via a value to the variable "content". For example, if content="20..." is set in source code, the visitor will be redirected to the corresponding website after 20 seconds.
Most of the common browsers support this kind of redirection. By the way EUserv recommends to indicate a clickable link in the body area of your website to let visitors having deactivated such redirections also reach your website.
Example for redirect HTTP to HTTPS using meta refresh tag in HTML
<head> ... <?php if(empty($_SERVER['HTTP_X_SSL'])) { ?> <meta http-equiv="refresh" content="0;URL='https://www.euserv.de'" /> <?php } ?> ... </head>
In this example all visitors entered http://www.euserv.de will be redirected to https://www.euserv.de without any waiting time (content="0...").
Please notice: If visitors should yet being redirected to a subdomain e.g. https://www.euserv.de/server or any other (external) domain, the following meta refresh tag is sufficient:
<head> <meta http-equiv="refresh" content="0;URL='https://www.euserv.de/server'" /> </head>