Fork me on Github
Fork me on Github

Joe Dog Software

Proudly serving the Internets since 1999

up arrow How To Switch Your Site To HTTPS

I told you that Your JoeDog would eventually complete that task. There was no need to remind us every couple of months. It’s done, now. Cross it off the list.

Congratulations, I guess?? What task is now complete?

Last August Your Google announced that it would give all sites running https a slight rankings bounce. Your JoeDog thought, “Yeah, yeah, yeah. We should do that.” Then August became October and October became January and January became whatever comes after that. Now you’re able to read this blog over a secure connection.

Let’s set-up https after the jump!

TLDR Version:

  1. Purchase SSL certificates
  2. Install mod_ssl
  3. Configure the apache virtual host to use https
  4. Configure a new virtual host to direct all traffic up to https
  5. Check logs and look for errors.

1.) We purchased a three-year certificate from Dotster and they gave us two files, a certificate and a key. Those files costs $90.00 for three years. Why are we giving away software when we could be charging you guys for two little files? That’s a nice racket, huh? You should get in that game! Anyway, we named the files server.crt and server.key. You’ll see those names in the conf file below.

2.) Next we installed mod_ssl. Your JoeDog has a RHEL repository so we could install it with yum. The installer grabbed its dependencies and added a ssl.conf file to /etc/httpd/conf.d  All the files in that directory are read by apache at start-up. The stuff inside ssl.conf tells apache to load mod_ssl and perform basic configuration functions. That will get us running but it’s not enough to make this an ssl site. We’ll make those changes at the virtual host level.

3.) All our sites are configured as virtual hosts. joedog.org was set up as a vhost on port 80. It’s opening tag would have looked like this: <VirtualHost *:80> Which we changed it to this: <VirtualHost *:443>

But just running the server on port 443 isn’t enough to make it an https server. We need to turn on the engine and tell it to use our certificates. We added the following lines to our vhost:

  SSLEngine on 
  SSLProtocol all -TLSv1 -SSLv2 
  SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL   
  SSLCertificateFile /etc/httpd/certs/server.crt 
  SSLCertificateKeyFile /etc/httpd/certs/server.key

At this point, we’ve converted the old joedog.org vhost to be an https vhost but now we have nothing on https. Hey! Where are you guys? Up here on https! Here’s the thing: We’ve been on the Internets for quite some time and all references point to http://www.joedog.org/ If we just move the site to https, then nobody will find us.

4.) With www.joedog.org on https, we needed an additional vhost that could push traffic from http to https. If someone clicks http://www.joedog.org/siege-home/ we need them to arrive at https://www.joedog.org/siege-home/  In order to do that, we added another virtual host. This one listens on port 80 and sends all requests to the same resource on port 443 https. Here’s how that vhost looks like:

<VirtualHost *:80>
  ServerName www.joedog.org

  DocumentRoot "/var/www/joedog.org"
  RewriteEngine on

  RewriteCond %{HTTPS} !=on
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
  ErrorLog logs/plain-error_log
  CustomLog logs/plain-access_log combined
</VirtualHost>

Whenever you make a major change, there’s bound to be gotcha’s that will bite you in the ass. For example, if all your intersite references have the protocol in the link, then you’ll end up sending them back to http. To help find these bug-a-boos, we gave the port 80 vhost its own separate logs so we can follow what it’s doing. All we want to see in those logs are 302 redirects up to https. If that vhost is serving files, we need to find out why and fix it.

This can be confusing especially if webmastering isn’t part of your job description. If you have any questions, feel free to post them in the comment section.

UPDATE: Based on a comment in the next post, Your JoeDog changed his redirect from 302 to 301 like this: [R=301,L]  That provides SEO goodness.