change forum to https - can I just redirect all to https?

Get help with installation and running phpBB 3.2.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
ttfan
Registered User
Posts: 23
Joined: Sun Jan 27, 2013 10:39 am
Contact:

change forum to https - can I just redirect all to https?

Post by ttfan »

I'm currently running an old version of phpbb 3.0.9, and since I use a custom style based on subsilver2 with a lot of mods, I've not had the time to upgrade.
I'd like to change the forum from http to https, and already have the certificate installed and all https request already all work fine.
I've read that changing the forum setting to https and also the cookie settings causes some people to get locked out of admin, which worries me a great deal because I'm not really experienced enough to get the resolved.

So my question is, can I just do a 301 redirect of all http request to https? Will that basically be the same, or is there a reason why a change of forum settings to https is required?

Thanks guys!
.m.
Registered User
Posts: 539
Joined: Wed Nov 04, 2009 8:39 pm

Re: change forum to https - can I just redirect all to https?

Post by .m. »

it is better to change the board settings [board url & secured cookie]
&
also use .htaccess redirect from non-secured URLs to secured URLs

see this related topic => Force https and www

(basically I do not prefer forcing www ;
www URLs should be also redirected)
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26508
Joined: Fri Aug 29, 2008 9:49 am

Re: change forum to https - can I just redirect all to https?

Post by Mick »

Support for phpBB versions earlier than 3.2.0 has ended. Any support requests regarding those versions are limited to help with conversion to the latest version. If you require assistance upgrading please post back.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
ttfan
Registered User
Posts: 23
Joined: Sun Jan 27, 2013 10:39 am
Contact:

Re: change forum to https - can I just redirect all to https?

Post by ttfan »

Thank you!

Yes I would definitely force https via .htaccess, but my question is, can I just do that, and not require to force the cookie settings?
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26508
Joined: Fri Aug 29, 2008 9:49 am

Re: change forum to https - can I just redirect all to https?

Post by Mick »

  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
ttfan
Registered User
Posts: 23
Joined: Sun Jan 27, 2013 10:39 am
Contact:

Re: change forum to https - can I just redirect all to https?

Post by ttfan »

Thank you, yes I appreciate that.

My question is though, can I just force to https via .htaccess, without changing the cookie settings?
I asked because I know people have reported getting locked out of the ACP, and if this happens I'm not sure if I have the skills to fix it. The fix you linked to is probably for the latest version, and I don't know if this will still work for my version.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26508
Joined: Fri Aug 29, 2008 9:49 am

Re: change forum to https - can I just redirect all to https?

Post by Mick »

That article is good for phpBB versions 3.0.* and upwards. If you’re using ssl you need to enable cookie secure as you will experience issues staying logged in as well as other things if you don’t.
Mick wrote: Fri Apr 26, 2019 7:48 amIf you require assistance upgrading please post back
otherwise I’ll lock this topic.
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
User avatar
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: change forum to https - can I just redirect all to https?

Post by Lumpy Burgertushie »

you must do both.

if you only do one or the other you will have the problems you are seeing.

you keep saying people getting locked out of the acp. only admins should be able to access the acp to start with.

anyway, once you have set the htaccess to redirect and you have the cookie settings correct there should be no problems for anyone.
remember, one of the steps in setting the cookies is to change the cookie name. when you do that it causes everyone to have to log in the next time they visit to get the new cookie.

luck,
robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
Post Reply

Return to “[3.2.x] Support Forum”