Jump to content

Setting up HTTPS & Maintaining The Green Secure Tag
   (0 reviews)

c.widow
  • This guide quickly discusses the how to when setting up your HTTPS and also informs you of great ways to ensure you secure flag stays green without mixed content warnings. You need to contact your hosting provider for information on gaining a TLS certificate.  RPG Initiative hosting already does that part for you when you sign up.

    Software: MyBB

Enforcing HTTPS

In your MyBB admin control panel you should double check to make sure the board URL is configured correctly.

  1. In Configuration --> Site Details ensure the board URL is https:// and not http://.
  2. In Configuration --> Site Details ensure the Secure Cookie Flag is set to yes.

 

Setting An HTTPS Redirect

We will also need to set up a fancy little redirect protocol, this makes sure that if someone accidentally types http://yoursitename.com/ it will automatically redirect to the correct https://yoursitename.com/ url. You will need to access your sites directory files (either through FTP, File Manager via cPanel or some other preferred method).

  1. Please find the htaccess.txt file, rename it to .htaccess and save. If the file is already renamed you do not have to worry about this.

    If after renaming your file in cPanels file manager you can no longer find it please navigate to Settings in the top right hand corner and check mark the box next to Show Hidden Files (dotfiles) then save settings.

    Towards the top of the .htaccess file you will need to add
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

     

Adding Security Header

I would be lying if I tried to describe exactly what this is like I know what I'm talking about so instead the short version is: This ensures that if any images or what not are being loaded through your site over HTTP they will be denied and thrown out. Ensuring that you will keep your fancy green "Secure" flag instead of a circled "i" flag which is basically saying "MIXED CONTENT HERE".

  1. In Templates & Themes --> Templates --> current template set --> Ungrouped Templates --> headerinclude add one of these meta tags in beneath the other meta tags.
    <meta http-equiv="Content-Security-Policy" content="upgrade-insecure-requests">

    This will have the user agent download all content over an HTTPS link, if the content is from HTTP then it ends up 'broken' or showing an error.
    OR

    <meta http-equiv="Content-Security-Policy" content="block-all-mixed-content">

    This will end up blocking all insecure content.

 

This is a basic guide, if I have missed something important please poke me!


  • Love 1



User Feedback

Create an account or sign in to leave a review

You need to be a member in order to leave a review

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

There are no reviews to display.


×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use, Guidelines and Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.