How to configure HTTPS (SSL) for Magento + bonus

How to configure HTTPS (SSL) for Magento + bonus
Google treats users security quite seriously so it wasn’t surprisingly that in August 2014 Google announced HTTPs as a ranking factor. But still buzz was heard from here and there in the SEO community. Some people immediately switched to HTTPs, some preferred to take time and think over such a serious step. Anyway, there were people who claimed that HTTPs made their sites rank higher; those who saw drops in rankings after switch to HTTPs; and finally those who didn’t notice any changes with HTTPs.


First of all, I am turning the floor over to Andrey, Amasty system administrator. He’s going to share some technical details on transitioning to HTTPS for Magento.

Points to consider

SSL speed

Andrey, Amasty System AdministatorSSL protocol provides encryption of information transferred between a client’s browser and your web server. If you decided to set up SSL for your Magento store, it’s important to know that encryption takes server and browser resources, also slowing down server connection setup.

We compared page load speed for HTTP (without SSL) and HTTPS (using SSL) protocols. In this test Apache Benchmark requesting a static HTML page from Nginx web server.

Now let’s test HTTP protocol speed:

ab -c 5 -n 1000 http://example.local/static.html

This is ApacheBench, Version 2.3 <$Revision: 655654 $>Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking example.local (be patient)

Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests

Server Software:       nginx/1.2.1
Server Hostname:       example.local
Server Port:           80
Document Path:        /static.html
Document Length:       51926 bytes
Concurrency Level:     5
Time taken for tests:   0.609 seconds
Complete requests:     1000
Failed requests:       0
Write errors:           0
Total transferred:     52138000 bytes
HTML transferred:      51926000 bytes
Requests per second:   1641.01 [#/sec] (mean)

Time per request:       3.047 [ms] (mean)

Time per request:       0.609 [ms] (mean, across all concurrent requests)

Transfer rate:         83553.80 [Kbytes/sec] received

Connection Times (ms)

min mean[+/-sd] median   max

Connect:       0   0   0.1     0       2

Processing:     2   3   0.2     3       4

Waiting:       0   1   0.1     1       2

Total:         2   3   0.3     3       5

Percentage of the requests served within a certain time (ms)
50%     3
66%     3
75%     3
80%     3
90%     3
95%     3
98%     4
99%     4
100%     5 (longest request)

Now let’s test HTTPS protocol speed:

ab -c 5 -n 1000 https://example.local/static.html
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking example.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requestsServer Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 443
SSL/TLS Protocol: TLSv1/SSLv3,ECDHE-RSA-AES256-GCM-SHA384,2048,256Document Path: /static.html
Document Length: 51926 bytesConcurrency Level: 5
Time taken for tests: 4.396 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 52138000 bytes
HTML transferred: 51926000 bytes
Requests per second: 227.46 [#/sec] (mean)
Time per request: 21.982 [ms] (mean)
Time per request: 4.396 [ms] (mean, across all concurrent requests)
Transfer rate: 11581.24 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 6 12 3.9 11 29
Processing: 1 10 3.9 10 23
Waiting: 1 4 2.9 5 17
Total: 8 22 5.3 21 48Percentage of the requests served within a certain time (ms)
50% 21
66% 23
75% 25
80% 26
90% 29
95% 31
98% 35
99% 38
100% 48 (longest request)

The difference between HTTP and HTTPS looks rather significant: 18 and 43 ms accordingly. This difference is the time spent for establishing SSL connection. We met websites with complicated layouts, where some pages need around 150 server requests to be loaded. If your server does not support Keep-Alive connections, it is needed to establish SSL connection every time the server request is executed, and in this case SSL connection may take up to 6.5 seconds, which is pretty much a big deal in e-commerce world.
Thus, we want SSL for our Magento store, but we also want it to be faster.
Now, let’s have a look at HTTPS connection speed with Keep-Alive:

ab -c 5 -n 1000 -k https://example.local/static.html
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking example.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requestsServer Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 443
SSL/TLS Protocol: TLSv1/SSLv3,ECDHE-RSA-AES256-GCM-SHA384,2048,256Document Path: /static.html
Document Length: 51926 bytesConcurrency Level: 5
Time taken for tests: 0.507 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Keep-Alive requests: 990
Total transferred: 52142950 bytes
HTML transferred: 51926000 bytes
Requests per second: 1971.07 [#/sec] (mean)
Time per request: 2.537 [ms] (mean)
Time per request: 0.507 [ms] (mean, across all concurrent requests)
Transfer rate: 100368.49 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 2.2 0 29
Processing: 1 2 0.7 2 18
Waiting: 0 1 0.5 1 10
Total: 1 2 2.5 2 32Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 2
95% 3
98% 3
99% 18
100% 32 (longest request)

To make sure the comparison is valid, let’s check HTTP connection speed with Keep-Alive support as well:

ab -c 5 -n 1000 -k http://example.local/static.html
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking example.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requestsServer Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 80Document Path: /static.html
Document Length: 51926 bytesConcurrency Level: 5
Time taken for tests: 0.446 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Keep-Alive requests: 993
Total transferred: 52142965 bytes
HTML transferred: 51926000 bytes
Requests per second: 2240.79 [#/sec] (mean)
Time per request: 2.231 [ms] (mean)
Time per request: 0.446 [ms] (mean, across all concurrent requests)
Transfer rate: 114102.75 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 1
Processing: 1 2 0.3 2 5
Waiting: 0 1 0.2 1 1
Total: 1 2 0.3 2 5Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 3
95% 3
98% 3
99% 3
100% 5 (longest request)

And the results are:
Speed tests with Keep-Alive connections
Chart - speed of Keep-Alive connections
Takeaway: we recommend using Keep-Alive connections if you decided to fully switch your Magento shop to secure connection.

Magento Enterprise

If you use Magento Enterprise Edition and Full Page Cache, please know that Full Page Cache will stop working if you turn HTTPS on for the whole website.

CDN

If you use HTTPS with CDN, be ready to face a higher price asked by your CDN provider. Using custom HTTPS certificate through CDN is more expensive than regular HTTPS.

Enabling HTTPS for your Magento store

Getting the certificate

If you don’t use Self-Signed certificates, you’ll probably purchase your certificate from any CA (Certificate Authority) like Verisign, Geotrust, Godaddy, etc.

To purchase such a certificate, you need to generate a private key and a certificate request first.

Use openssl for that. If you don’t have it now, install it using these commands:

Debian/Ubuntu

apt-get update
apt-get install openssl

RHEL/CentOS

yum install openssl

Now, let’s generate the private key for example.local domain. Execute these commands as root user or use sudo:

openssl genrsa -out /etc/ssl/private/example.local.key 2048
chown root:root /etc/ssl/private/example.local.key
chmod 0400 /etc/ssl/private/example.local.key

Next let’s generate certificate request. We marked out the places where you need to enter your own data:

openssl req -new -out /etc/ssl/certs/example.local.csr -key /etc/ssl/private/example.local.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Michigan
Locality Name (eg, city) []:Detroit
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example, Inc.
Organizational Unit Name (eg, section) []:Website
Common Name (e.g. server FQDN or YOUR name) []:example.local
Email Address []:webmaster@example.local
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

At this step you have a certificate request (example.local.csr) which should be sent to your Certificate Authority (CA). In reply you will receive a certificate file (for example, example.local.crt) and possibly a CA intermediate certificate (say, ca-bundle.crt), which connects your CA with root CAs. Root CAs have their certificates in all browsers (Root CA Certificate Storage).

Enabling SSL on Apache

Here’s the simplest SSL Apache configuration for example.local host. 1.2.3.4:443 are an IP address and a port where the web server waits for SSL connection:

ServerName example.local
ServerAdmin webmaster@example.local
DocumentRoot /var/vhosts/example.local
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.local.crt
SSLCertificateKeyFile /etc/ssl/private/example.local.key
#SSLCACertificateFile /etc/ssl/certs/ca-bundle.crt

Enabling SSL on Nginx

Here’s the simplest SSL Nginx configuration for example.local host. 1.2.3.4:443 are an IP address and a port where the web server waits for SSL connection:

server {
	listen 443 ssl;
	server_name example.local;
	ssl on;
	ssl_certificate /etc/ssl/certs/example.local.crt;
	ssl_certificate_key /etc/ssl/private/example.local.key;
	root /var/vhosts/example.local;
}

If you have ca-bundle.crt , add it to example.local.crt:

cat example.local.crt ca-bundle.crt > /etc/ssl/certs/example.local.crt


Enabling SSL in Magento


Before enabling SSL in Magento, make sure your web server is configured properly. To check this, open any static file through HTTP, for example, https://example.local/robots.txt will do. If the file is shown successfully in the browser and there are no certificate warnings, you can proceed to SSL setup for Magento.

Go to Magento backend, then follow System / Configuration / Web. Find Secure section and enter your URL with HTTPS into Base URL field. In our case it should be https://example.local/, which is also should be added to the Unsecure section as well.

Set Use Secure URLs in Frontend and Use Secure URLs in Admin settings to Yes and save.

After than you need to clear all Magento cache; go to System / Cache Management and click Flush Cache Storage button.

As you’re all set with SSL in Magento, it’s time to set a permanent redirect from HTTP to HTTPS. As a matter of fact, Magento does this redirect all by itself, but using server redirect reduces its load as it doesn’t delegate control to Magento.

Here’s how to do it:

Apache

<VirtualHost *:80>
	ServerName example.local
	ServerAdmin webmaster@example.local
	<IfModule mod_rewrite.c>
		RewriteEngine on
		RewriteCond %{HTTPS} off
		RewriteRule ^(.*)$ https://example.local/$1 [R=301,L]
	</IfModule>
</VirtualHost>

Nginx

server {
	listen 80;
	server_name example.local;
	location / {
		return 301 https://example.local$request_uri;
	}
}

After you reconfigured your server it needs to be rebooted so the changes apply.

Possible issues

When we were switching to HTTPS for the whole Amasty site, browsers showed a notification for partially encoded content, which could be very embarrassing for your visitors. This issue arises because some js/css/fonts/pics are loaded using HTTP. To avoid that, check all the URLs using HTTP by looking through the source code of the page that gets the notification; you need to change them manually or find other ways to get rid of HTTP.

SEO and HTTPS on Magento


Thanks to Andrey for his wonderful and detailed description! Now let’s move on to the impact switching to secure connection might have on your website. Let’s hear what Kristina, Amasty Marketing Manager, tells us on this subject.
Kristina, Amasty Marketing ManagerAs for Amasty, we were not among the pioneers to transfer Amasty.com to the secure version; we did it a few months later – in November. And here are some important tips we would like to share with you.

301 redirects from non-HTTPs to HTTPs version

You should understand that http://site.com/ and https://site.com/ are treated by Google as different sites (exactly like non-www and www versions). So if you transfer your Magento store to HTTPs, you should 301 redirect all the site pages on the URL by URL basis, i.e. https://amasty.com/magento-extensions.html should redirect users to https://amasty.com/magento-extensions.html but not to the homepage.

Internal linking

Once you set up HTTPs and 301 redirects, make sure all your internal links point to the secure URLs. Check your navigation (top links, footer links, cross & up sells, etc.) and links in the body text. Your site is under your control, this is the first place to show Google that you have secure URLs.

If you run a blog (you really do, right?), take some time to review the articles and change the protocol in the URLs coming to your main site. It is really hard and time consuming to make such changes manually in all the articles. So study your Google Analytics reports to find out which of your posts are more popular and change the links to your store only in them. Note: this is applicable only if you have a blog on a separate subdomain (e.g. blog.store.com).

Canonical tags

Check all your canonical tags. They should canonicalize the secure URLs. This is one more important signal for Google. Additionally, check your rel=prev, rel=next navigation tags (if you have them set up).

XML sitemap

As you know, an XML sitemap contains a list of all the URLs in your store. So after the switch to HTTPs, don’t forget to review your Google sitemap and re-submit it.

Google Webmaster Tools

Soon after the switch, you’ll see a similar picture in your Google Webmaster account:
Index drop https
This means that after the switch to the secure URLs Google Webmaster will soon stop giving you info on your non-secure site. And that is a good sign: it means you’ve configured your 301 redirect properly.

To get all the info from Google again, you should add your HTTPs site as a new site to the GWT. Once it’s added, you’ll begin to receive the stats:
Index increase https

External links

After switching your Magento store to HTTPs, build all the links to your site with HTTPs in the URLs. If you can change some existing incoming links, do it. Remember that a 301 redirect might transfer not all the link juice, so it’s always better to link to a page A directly rather than to link to a page B that redirects to the page A.

robots.txt

Look through robots.txt and add links to your new XML sitemap.

GA code

In most cases GA code catches the changes from HTTPS transition, but if you have an older piece of tracking code, it might need an update.

RSS

Check if your RSS provider supports HTTPS. For example, FeedBurner is not supported by Google any more, thus, it cannot work with HTTPS.

Check crawling

Utilize the Fetch and Render tool in GWT to check if Google is able to properly crawl your site.

Some challenges you will face after switching your Magento store to HTTPs

Social signals

Unfortunately, after the switch you’ll lose all the share counts. The good news is that some social shares will be transferred via API over time. But some won’t. From our experience, Google Plus shares count transfers mostly without any loss but Facebook likes count never returns.

So be ready to face this challenge. There’s also one reasonable solution that will help you to display on a new page share statistics of the old page. The drawback is that this count will be static as new shares won’t be seen.

Marketing & SEO tools

Though more and more sites are switching to HTTPs, not all the tools are ready for that. Some of them don’t show redirects or Alexa rank, others won’t generate an XML sitemap. Just take it as it is. I believe that all these inconveniences will soon disappear.

Check everything twice or even three, four, five times

The period after switching to HTTPs is like going through the dark forest. You never know what to expect. So check everything many times, make sure all your goals in Google Analytics are tracked properly, your AdWords traffic is not lost, etc. There are may be some problems but you can find and solve them quickly.

So what about the rankings?

This is a tricky question. When it comes to Google, it’s hard to predict the outcomes of your actions, especially if you make such serious changes as switching to HTTPs. Ok, according to Google, this is a ranking factor so we assume that after the switch, we can see a boost in rankings.

In reality, the things are much more complicated. It’s more likely that right after the switch, your rankings will drop for some time. For Amasty, this period lasted for a few days and then we saw an increase and the site began to rank higher than it used to without HTTPs.

You should understand that rankings depend on a variety of factors and it’s hard to predict how any change will influence them. As for HTTPs, you’ll have to transfer your site to them, sooner or later. Just take into account all the tips listed in the post and the switch to HTTPs will go smooth.

Free checklist


If you’re going to switch your Magento store to HTTPS, download this free checklist of all necessary actions – it will help you to run through all the points.

Ksenia Dobreva

Ksenia Dobreva

Ksenia is a devoted marketer with special love to blogging. She believes that content with several pinches of SEO and social can be a brilliant daily special. When she’s not working on Amasty updates and blog posts, Ksenia runs a blog on movies and books and helps animal shelters.

You may also like...

30 Responses

  1. James says:

    A good comprehensive guide. We are currently looking at moving to full SSL site-wide in Magento, this was done relatively easily with a server redirect however we found that Magento still submitted forms (for product options) over non-secure connections, meaning the products could not be added to the basket. Something I am still trying to fix!

  2. bill says:

    we switched to https. so far we had to disable social icons while trying make then not break https.
    but the bigger problem for us is YouTube videos break https now. need to know a way to make whole site https but make one page or product or category HTTP

  3. Timon says:

    I joined the newsletter to download the checklist, unfortunately I didn’t get to download it.
    Could you email it?

  4. Jeremy says:

    Thanks so much for the FANTASTIC guide. I recently switched my whole site’s protocol to HTTPS. This has been a great guide to help me fix any loose ends. I do have a question about changing the google webmaster tools property.

    My property is still set as http and its still tracking site visit information. Your graphs showed that the information should fall to 0, and then the property should be switched over to https. If you could give more specific details on how to change the property over, I would appreciate it. I found the “change of address” tool but it specifically says that it doesn’t support http to https site changes. But since I’m still tracking site visit information I’m wondering if I need to change anything. I fetched as google and its showing that my homepage is redirecting to https so I assume everything is okay. Is it? Thanks!

    • Kristina Azarenko Kristina Azarenko says:

      Hi Jeremy.
      Thanks for your comment. As for Webmaster Console, it’s advisable to add an https version of your site as a new property after the switch. Anyway, it takes time for Google to pick up all the changes, so there’s no wonder why you’re seeing traffic info for your http site. But it should steadily decline.
      And you are right, the “change of address” tool won’t work here. As I wrote above, you should add the https version as a completely new property in the same account.

  5. Artur says:

    Hello Guys,

    Really nice and informative guide.

    I followed it and succesfully applyed the SSL for the store. But the issue is, when the SSL is activated, the BackOffise brakes… Script’s stops working and CSS is not loaded. Do you know about this issue? What can cause it? How to fix it?

    Could you please help, been strugling with it for a few day’s now.

    Thanks,

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Artur, thanks for reading and asking!

      May I ask – do you use SSL for backend only, or frontend only, or both?

      • Artur says:

        I have it set to both: Unsecure and Secure (Frontend and backend). Also when applied I’ve rewrited the urls via htaccess. Everything seems to be working, but the backend appears broken (without CSS or JS).

        I’ve investigated the code and I can see that all the files are called via HTTP. I suppose this is the problem.

        Best wishes,
        Arthur

        • Ksenia Dobreva Ksenia Dobreva says:

          Hey Artur, and also do not forget to clear Magento cache! It can also cause similar troubles.

          If this doesn’t help, I’m afraid it’s complicated to give you more ideas remotely =)

  6. Artur says:

    Could do you know how to Manualy change the path? Simply rewrite, the HTTP to HTTPS, if possible?

    • Ksenia Dobreva Ksenia Dobreva says:

      select * from core_config_data where path like ‘web%url’;
      Please perform this query for your database, thus we’ll have more info on the case.

  7. Eugene says:

    Hello, could you please tell me what to do in case of receiving ERR_TOO_MANY_REDIRECTS error? Thanks.

    • Ksenia Dobreva Ksenia Dobreva says:

      Hello Eugene, and thanks for your question.
      You have to check if your http -> https redirect isn’t going to a loop.
      It can be possible that there’s no condition to stop the redirect added. Hope that helps!

  8. stan says:

    Hello
    can this be undertaken with magento2?

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey Stan, thanks for your question. Well, the overall meaning of the manipulations will be the same, but some settings will be slightly different. We’re planning to write a guide on configuring SSL for Magento 2 in the nearest future. Stay tuned!

  9. Eugene says:

    Hi, thank you for your guide.
    i have SSl on all pages now, but some pages need to be without it, some “unsecured” flash from other http site always blocked by browsers. Is it possible to keep some pages without SSL in Magento?

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey there and thanks for asking. It’s an important question that wasn’t covered in the article.

      Technically, the best solution is to avoid any insecure blocks or pages on your website (for example, if you’re using content blocks from insecure sites, it’s worth informing them that using SSL is a must now and they should think about it).

      Now, when it comes to insecure blocks on a secure page, the browser will always give warnings (and possibly block the thing, but not necessarily). When it comes to an insecure page on a secure website, a direct visit of this page will be okay, but if you place the link to the insecure page from a secure page, following this link will be an issue.

      Again, the best solution is to avoid insecure blocks and pages by any means if the site is on HTTPS.

  10. Eugene says:

    Thanks for quick respond.
    If its important content and resource site remains unsecured, what can you advise as a solution? Like, create the temporary page on my another unsecured domain (outside of magento) and transfer customers there?

    • Ksenia Dobreva Ksenia Dobreva says:

      To our opinion, in that case the best solution is to turn SSL off for the whole site (except for checkout).

  11. krystian says:

    hello. how would you apply Varnish with this config? or any other cache solution?

    • Ksenia Dobreva Ksenia Dobreva says:

      Hi Krystian! Thanks for asking. We normally use our own FPC, and you don’t have to apply or change any settings in it while switching to SSL.

  12. Michael says:

    Hello,

    Thank you so much for providing this guide! We have finally had the opportunity to switch over to https, and we used your guide to complete the task. Everything on the front end is working perfectly.

    But – there is a problem with the Admin area. We have run in to the same problem that another person had above (Artur) – But it looks like the answer did not include a solution. Hopefully – You can now provide a solution to this problem:

    All css and js files in the backend are still directed to http (non-secure). This makes the Admin area unusable.

    We are running Magento version 1.9.2.2

    Settings in the Admin are for Web URLs are as follows (using ‘domain.com’ as an example):

    Unsecure:

    Base URL = https://www.domain.com

    Secure:

    Base URL = https://www.domain.com

    Use Secure URLs in Frontend = Yes
    Use Secure URLs in Admin = Yes

    Also updated our .htaccess file as noted above to redirect – again, perfect on the front end.

    We tried not adding the URL redirect in .htaccess, and disabling secure URLs in the admin – that made the Admin work correctly, but no more redirects on the front end, of course. We’ve tried a number of different combinations to get the Admin area working correctly with https – Still, css and js are pulling from http, making our Admin area completely unusable.

    Cache has been cleaned (multiple times) via ftp and deleting files under the /var/cache directory because we can’t do it via the Admin panel.

    Help! Any assistance you can give us with this problem is very much appreciated.

    Thank you!

    • Ksenia Dobreva Ksenia Dobreva says:

      Hi Michael, first of all, we’re very glad that the guide was useful for you – thanks for sharing your experience!

      Looks like the previous comment author checked the database settings and found a flaw in them.

      We do recommend running this query:
      SELECT * FROM `core_config_data` WHERE `path` LIKE ‘web%url’;
      and check whether everything is go.

      If this doesn’t help you, please do write us an email to support@amasty.com and in the email, please refer to our conversation here, so your ticket could be assigned to the article’s author and he could have a closer look.

      Cheers!

  13. David Bell says:

    I’m switching a site to use SSL for all connections and have changed both the Unsecure and Secure Base URLs to use the https page.

    Everything is now using a secure connection. If I access an unsecure page it’s redirected to the secure version – but currently with a 302 redirect.

    In the Magneto General/Web configuration panel there’s a setting: Auto-redirect to Base URL

    By default that’s set to “Yes (302 Found)”. If I change that to “Yes (301 Moved Permanently)” the the auto redirect from http to https is now a 301 redirect.

    If that’s working as it appears, then why is there a need to add the line:
    return 301 https://example.local$request_uri;
    in the nginx configuration.

    What’s the reason for changing the nginx configuration compared to configuring it in Magento? Is there a downside of using the 301 auto-redirect?

    • Ksenia Dobreva Ksenia Dobreva says:

      Hey David,

      the Nginx changes are made to use the server-side redirect. It is significantly faster than any application-side redirect, especially when it comes to the large amounts of traffic.

      Hope that helps!

  14. Roger says:

    Great “how to guide” and thank you for SEO tips, btw) Also, I recommend you to use secure urls in the backend too, as you’ll never know what occasion you will have.

  15. Steeve A. says:

    Awersome) you made enormous job, guys! When we were switching our magento store to https we faced with several issues, that you spotlighted in this article. Thanks)

Leave a Reply

Your email address will not be published. Required fields are marked *