change forum to https - can I just redirect all to https?

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
ttfan
Registered User
Posts: 23
Joined: Sun Jan 27, 2013 10:39 am
Contact:

change forum to https - can I just redirect all to https?

Post by ttfan » Fri Apr 26, 2019 3:37 am

I'm currently running an old version of phpbb 3.0.9, and since I use a custom style based on subsilver2 with a lot of mods, I've not had the time to upgrade.
I'd like to change the forum from http to https, and already have the certificate installed and all https request already all work fine.
I've read that changing the forum setting to https and also the cookie settings causes some people to get locked out of admin, which worries me a great deal because I'm not really experienced enough to get the resolved.

So my question is, can I just do a 301 redirect of all http request to https? Will that basically be the same, or is there a reason why a change of forum settings to https is required?

Thanks guys!

.m.
Registered User
Posts: 438
Joined: Wed Nov 04, 2009 8:39 pm

Re: change forum to https - can I just redirect all to https?

Post by .m. » Fri Apr 26, 2019 5:28 am

it is better to change the board settings [board url & secured cookie]
&
also use .htaccess redirect from non-secured URLs to secured URLs

see this related topic => Force https and www

(basically I do not prefer forcing www ;
www URLs should be also redirected)

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21078
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: change forum to https - can I just redirect all to https?

Post by Mick » Fri Apr 26, 2019 7:48 am

Support for phpBB versions earlier than 3.2.0 has ended. Any support requests regarding those versions are limited to help with conversion to the latest version. If you require assistance upgrading please post back.
"The more connected we get the more alone we become" - Kyle Broflovski

ttfan
Registered User
Posts: 23
Joined: Sun Jan 27, 2013 10:39 am
Contact:

Re: change forum to https - can I just redirect all to https?

Post by ttfan » Fri Apr 26, 2019 7:50 am

Thank you!

Yes I would definitely force https via .htaccess, but my question is, can I just do that, and not require to force the cookie settings?

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21078
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: change forum to https - can I just redirect all to https?

Post by Mick » Fri Apr 26, 2019 7:56 am

"The more connected we get the more alone we become" - Kyle Broflovski

ttfan
Registered User
Posts: 23
Joined: Sun Jan 27, 2013 10:39 am
Contact:

Re: change forum to https - can I just redirect all to https?

Post by ttfan » Fri Apr 26, 2019 8:07 am

Thank you, yes I appreciate that.

My question is though, can I just force to https via .htaccess, without changing the cookie settings?
I asked because I know people have reported getting locked out of the ACP, and if this happens I'm not sure if I have the skills to fix it. The fix you linked to is probably for the latest version, and I don't know if this will still work for my version.

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21078
Joined: Fri Aug 29, 2008 9:49 am
Location: Watching cricket - definitely

Re: change forum to https - can I just redirect all to https?

Post by Mick » Fri Apr 26, 2019 8:17 am

That article is good for phpBB versions 3.0.* and upwards. If you’re using ssl you need to enable cookie secure as you will experience issues staying logged in as well as other things if you don’t.
Mick wrote:
Fri Apr 26, 2019 7:48 am
If you require assistance upgrading please post back
otherwise I’ll lock this topic.
"The more connected we get the more alone we become" - Kyle Broflovski

User avatar
Lumpy Burgertushie
Registered User
Posts: 66268
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: change forum to https - can I just redirect all to https?

Post by Lumpy Burgertushie » Fri Apr 26, 2019 1:51 pm

you must do both.

if you only do one or the other you will have the problems you are seeing.

you keep saying people getting locked out of the acp. only admins should be able to access the acp to start with.

anyway, once you have set the htaccess to redirect and you have the cookie settings correct there should be no problems for anyone.
remember, one of the steps in setting the cookies is to change the cookie name. when you do that it causes everyone to have to log in the next time they visit to get the new cookie.

luck,
robert
I am going to be out of town and off line for a week . see ya when I get back.

Premium phpBB 3.2 Styles by PlanetStyles.net

If a tree falls in the forest and nobody is there, does it make a sound?

Post Reply

Return to “[3.2.x] Support Forum”