How to configure HTTPS (SSL) for Magento

Table of Content

Speed tests with Keep-Alive connections
Posted in: Magento 2 Guides

Google treats users security quite seriously so it wasn’t surprisingly that in August 2014 Google announced HTTPs as a ranking factor. But still buzz was heard from here and there in the SEO community. Some people immediately switched to HTTPs to protect their sites, Magento stores and in-built Magento blog extensions, some preferred to take time and think over such a serious step. Anyway, there were people who claimed that HTTPs made their sites rank higher; those who saw drops in rankings after switch to HTTPs; and finally those who didn’t notice any changes with HTTPs.

Article summary [show]


First of all, I am turning the floor over to Andrey, Amasty system administrator. He’s going to share some technical details on transitioning to HTTPS for Magento.

 

POINTS TO CONSIDER

SSL SPEED

SSL protocol provides encryption of information transferred between a client’s browser and your web server. If you decided to set up SSL for your Magento store, it’s important to know that encryption takes server and browser resources, also slowing down server connection setup.

We compared page load speed for HTTP (without SSL) and HTTPS (using SSL) protocols. In this test Apache Benchmark requesting a static HTML page from Nginx web server.

Now let’s test HTTP protocol speed:

ab -c 5 -n 1000 http://example.local/static.html

This is ApacheBench, Version 2.3 <$Revision: 655654 $>Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking example.local (be patient)

Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests

Server Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 80
Document Path: /static.html
Document Length: 51926 bytes
Concurrency Level: 5
Time taken for tests: 0.609 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 52138000 bytes
HTML transferred: 51926000 bytes
Requests per second: 1641.01 [#/sec] (mean)

Time per request: 3.047 [ms] (mean)

Time per request: 0.609 [ms] (mean, across all concurrent requests)

Transfer rate: 83553.80 [Kbytes/sec] received

Connection Times (ms)

min mean[+/-sd] median max

Connect: 0 0 0.1 0 2

Processing: 2 3 0.2 3 4

Waiting: 0 1 0.1 1 2

Total: 2 3 0.3 3 5

Percentage of the requests served within a certain time (ms)
50% 3
66% 3
75% 3
80% 3
90% 3
95% 3
98% 4
99% 4
100% 5 (longest request)

Now let’s test HTTPS protocol speed:

ab -c 5 -n 1000 https://example.local/static.html
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking example.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requestsServer Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 443
SSL/TLS Protocol: TLSv1/SSLv3,ECDHE-RSA-AES256-GCM-SHA384,2048,256Document Path: /static.html
Document Length: 51926 bytesConcurrency Level: 5
Time taken for tests: 4.396 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 52138000 bytes
HTML transferred: 51926000 bytes
Requests per second: 227.46 [#/sec] (mean)
Time per request: 21.982 [ms] (mean)
Time per request: 4.396 [ms] (mean, across all concurrent requests)
Transfer rate: 11581.24 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 6 12 3.9 11 29
Processing: 1 10 3.9 10 23
Waiting: 1 4 2.9 5 17
Total: 8 22 5.3 21 48Percentage of the requests served within a certain time (ms)
50% 21
66% 23
75% 25
80% 26
90% 29
95% 31
98% 35
99% 38
100% 48 (longest request)

The difference between HTTP and HTTPS looks rather significant: 18 and 43 ms accordingly. This difference is the time spent for establishing SSL connection. We met websites with complicated layouts, where some pages need around 150 server requests to be loaded. If your server does not support Keep-Alive connections, it is needed to establish SSL connection every time the server request is executed, and in this case SSL connection may take up to 6.5 seconds, which is pretty much a big deal in e-commerce world.
Thus, we want SSL for our Magento store, but we also want it to be faster.
Now, let’s have a look at HTTPS connection speed with Keep-Alive:

ab -c 5 -n 1000 -k https://example.local/static.html
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking example.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requestsServer Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 443
SSL/TLS Protocol: TLSv1/SSLv3,ECDHE-RSA-AES256-GCM-SHA384,2048,256Document Path: /static.html
Document Length: 51926 bytesConcurrency Level: 5
Time taken for tests: 0.507 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Keep-Alive requests: 990
Total transferred: 52142950 bytes
HTML transferred: 51926000 bytes
Requests per second: 1971.07 [#/sec] (mean)
Time per request: 2.537 [ms] (mean)
Time per request: 0.507 [ms] (mean, across all concurrent requests)
Transfer rate: 100368.49 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 2.2 0 29
Processing: 1 2 0.7 2 18
Waiting: 0 1 0.5 1 10
Total: 1 2 2.5 2 32Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 2
95% 3
98% 3
99% 18
100% 32 (longest request)

To make sure the comparison is valid, let’s check HTTP connection speed with Keep-Alive support as well:

ab -c 5 -n 1000 -k http://example.local/static.html
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/Benchmarking example.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requestsServer Software: nginx/1.2.1
Server Hostname: example.local
Server Port: 80Document Path: /static.html
Document Length: 51926 bytesConcurrency Level: 5
Time taken for tests: 0.446 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Keep-Alive requests: 993
Total transferred: 52142965 bytes
HTML transferred: 51926000 bytes
Requests per second: 2240.79 [#/sec] (mean)
Time per request: 2.231 [ms] (mean)
Time per request: 0.446 [ms] (mean, across all concurrent requests)
Transfer rate: 114102.75 [Kbytes/sec] receivedConnection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.1 0 1
Processing: 1 2 0.3 2 5
Waiting: 0 1 0.2 1 1
Total: 1 2 0.3 2 5Percentage of the requests served within a certain time (ms)
50% 2
66% 2
75% 2
80% 2
90% 3
95% 3
98% 3
99% 3
100% 5 (longest request)

And the results are:

Takeaway: we recommend using Keep-Alive connections if you decided to fully switch your Magento shop to secure connection.

MAGENTO ENTERPRISE

If you use Magento Enterprise Edition and Full Page Cache, please know that Full Page Cache will stop working if you turn HTTPS on for the whole website.

CDN

If you use HTTPS with CDN, be ready to face a higher price asked by your CDN provider. Using custom HTTPS certificate through CDN is more expensive than regular HTTPS.

ENABLING HTTPS FOR YOUR MAGENTO STORE

GETTING THE CERTIFICATE

If you don’t use Self-Signed certificates, you’ll probably purchase your certificate from any CA (Certificate Authority) like Verisign, Geotrust, Godaddy, etc.

To purchase such a certificate, you need to generate a private key and a certificate request first.

Use openssl for that. If you don’t have it now, install it using these commands:

DEBIAN/UBUNTU

apt-get update
apt-get install openssl

RHEL/CENTOS

yum install openssl

Now, let’s generate the private key for example.local domain. Execute these commands as root user or use sudo:

openssl genrsa -out /etc/ssl/private/example.local.key 2048
chown root:root /etc/ssl/private/example.local.key
chmod 0400 /etc/ssl/private/example.local.key

Next let’s generate certificate request. We marked out the places where you need to enter your own data:

openssl req -new -out /etc/ssl/certs/example.local.csr -key /etc/ssl/private/example.local.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Michigan
Locality Name (eg, city) []:Detroit
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example, Inc.
Organizational Unit Name (eg, section) []:Website
Common Name (e.g. server FQDN or YOUR name) []:example.local
Email Address []:[email protected]
Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

At this step you have a certificate request (example.local.csr) which should be sent to your Certificate Authority (CA). In reply you will receive a certificate file (for example, example.local.crt) and possibly a CA intermediate certificate (say, ca-bundle.crt), which connects your CA with root CAs. Root CAs have their certificates in all browsers (Root CA Certificate Storage).

ENABLING SSL ON APACHE

Here’s the simplest SSL Apache configuration for example.local host. 1.2.3.4:443 are an IP address and a port where the web server waits for SSL connection:

ServerName example.local
ServerAdmin [email protected]
DocumentRoot /var/vhosts/example.local
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.local.crt
SSLCertificateKeyFile /etc/ssl/private/example.local.key
#SSLCACertificateFile /etc/ssl/certs/ca-bundle.crt

ENABLING SSL ON NGINX

Here’s the simplest SSL Nginx configuration for example.local host. 1.2.3.4:443 are an IP address and a port where the web server waits for SSL connection:

server {
	listen 443 ssl;
	server_name example.local;
	ssl on;
	ssl_certificate /etc/ssl/certs/example.local.crt;
	ssl_certificate_key /etc/ssl/private/example.local.key;
	root /var/vhosts/example.local;
}

If you have ca-bundle.crt , add it to example.local.crt:

cat example.local.crt ca-bundle.crt > /etc/ssl/certs/example.local.crt

ENABLING SSL IN MAGENTO

Before enabling SSL, make sure your web server is configured properly. To check this, open any static file through HTTP, for example, https://example.local/robots.txt will do. If the file is shown successfully in the browser and there are no certificate warnings, you can proceed to SSL setup for Magento.

Go to Magento backend, then follow System / Configuration / Web.
After that you should find secure section and enter your URL with HTTPS into Base URL field. In our case it should be https://example.local/, which is also should be added to the Unsecure section as well.

Set Use Secure URLs in Frontend and Use Secure URLs in Admin settings to Yes and save.

After than you need to clear all Magento cache; go to System / Cache Management and click Flush Cache Storage button.

As you’re all set with SSL in Magento, it’s time to set a permanent redirect from HTTP to HTTPS. As a matter of fact, Magento does this redirect all by itself, but using server redirect reduces its load as it doesn’t delegate control to Magento.

Here’s how to do it:

APACHE

<VirtualHost *:80>
	ServerName example.local
	ServerAdmin [email protected]
	<IfModule mod_rewrite.c>
		RewriteEngine on
		RewriteCond %{HTTPS} off
		RewriteRule ^(.*)$ https://example.local/$1 [R=301,L]
	</IfModule>
</VirtualHost>

NGINX

server {
	listen 80;
	server_name example.local;
	location / {
		return 301 https://example.local$request_uri;
	}
}

After you reconfigured your server it needs to be rebooted so the changes apply.

POSSIBLE ISSUES

When we were switching to HTTPS for the whole Amasty site, browsers showed a notification for partially encoded content, which could be very embarrassing for your visitors. This issue arises because some js/css/fonts/pics are loaded using HTTP. To avoid that, check all the URLs using HTTP by looking through the source code of the page that gets the notification; you need to change them manually or find other ways to get rid of HTTP.

SEO AND HTTPS ON MAGENTO

Thanks to Andrey for his wonderful and detailed description! Now let’s move on to the impact switching to secure connection might have on your website. Let’s hear what Kristina, Amasty Marketing Manager, tells us on this subject.

As for Amasty, we were not among the pioneers to transfer Amasty.com to the secure version; we did it a few months later – in November. And here are some important tips we would like to share with you.

301 REDIRECTS FROM NON-HTTPS TO HTTPS VERSION

You should understand that http://site.com/ and https://site.com/ are treated by Google as different sites (exactly like non-www and www versions). So if you transfer your Magento store to HTTPs, you should 301 redirect all the site pages on the URL by URL basis, i.e. https://amasty.com/magento-extensions.html should redirect users to https://amasty.com/magento-extensions.html but not to the homepage.

INTERNAL LINKING

Once you set up HTTPs and 301 redirects, make sure all your internal links point to the secure URLs. Check your navigation (top links, footer links, cross & up sells, etc.) and links in the body text. Your site is under your control, this is the first place to show Google that you have secure URLs.

If you run a blog (you really do, right?), take some time to review the articles and change the protocol in the URLs coming to your main site. It is really hard and time consuming to make such changes manually in all the articles. So study your Google Analytics reports to find out which of your posts are more popular and change the links to your store only in them. Note: this is applicable only if you have a blog on a separate subdomain (e.g. blog.store.com).

 To make sure internal linking won’t turn into a nightmare, try our Magento 1 Blog Pro or Magento 2 Blog module, in accordance with the platform you use. Get not only internal linking but also a quality content for social media by linking to your blog.

CANONICAL TAGS

Check all your canonical tags. They should canonicalize the secure URLs. This is one more important signal for Google. Additionally, check your rel=prev, rel=next navigation tags (if you have them set up).

XML SITEMAP

As you know, an XML sitemap contains a list of all the URLs in your store. So after the switch to HTTPs, don’t forget to review your Google sitemap and re-submit it.

GOOGLE WEBMASTER TOOLS

Soon after the switch, you’ll see a similar picture in your Google Webmaster account:
Index drop https
This means that after the switch to the secure URLs Google Webmaster will soon stop giving you info on your non-secure site. And that is a good sign: it means you’ve configured your 301 redirect properly.

To get all the info from Google again, you should add your HTTPs site as a new site to the GWT. Once it’s added, you’ll begin to receive the stats:
Index increase https

EXTERNAL LINKS

After switching your Magento store to HTTPs, build all the links to your site with HTTPs in the URLs. If you can change some existing incoming links, do it. Remember that a 301 redirect might transfer not all the link juice, so it’s always better to link to a page A directly rather than to link to a page B that redirects to the page A.

ROBOTS.TXT

Look through robots.txt and add links to your new XML sitemap.

GA CODE

In most cases GA code catches the changes from HTTPS transition, but if you have an older piece of tracking code, it might need an update.

RSS

Check if your RSS provider supports HTTPS. For example, FeedBurner is not supported by Google any more, thus, it cannot work with HTTPS.

CHECK CRAWLING

Utilize the Fetch and Render tool in GWT to check if Google is able to properly crawl your site.

SOME CHALLENGES YOU WILL FACE AFTER SWITCHING YOUR MAGENTO STORE TO HTTPS

SOCIAL SIGNALS

Unfortunately, after the switch you’ll lose all the share counts. The good news is that some social shares will be transferred via API over time. But some won’t. From our experience, Google Plus shares count transfers mostly without any loss but Facebook likes count never returns.

So be ready to face this challenge. There’s also one reasonable solution that will help you to display on a new page share statistics of the old page. The drawback is that this count will be static as new shares won’t be seen.

MARKETING & SEO TOOLS

Though more and more sites are switching to HTTPs, not all the tools are ready for that. Some of them don’t show redirects or Alexa rank, others won’t generate an XML sitemap. Just take it as it is. I believe that all these inconveniences will soon disappear.

CHECK EVERYTHING TWICE OR EVEN THREE, FOUR, FIVE TIMES

The period after switching to HTTPs is like going through the dark forest. You never know what to expect. So check everything many times, make sure all your goals in Google Analytics are tracked properly, your AdWords traffic is not lost, etc. There are may be some problems but you can find and solve them quickly.

SO WHAT ABOUT THE RANKINGS?

This is a tricky question. When it comes to Google, it’s hard to predict the outcomes of your actions, especially if you make such serious changes as switching to HTTPs. Ok, according to Google, this is a ranking factor so we assume that after the switch, we can see a boost in rankings.

In reality, the things are much more complicated. It’s more likely that right after the switch, your rankings will drop for some time. For Amasty, this period lasted for a few days and then we saw an increase and the site began to rank higher than it used to without HTTPs.

You should understand that rankings depend on a variety of factors and it’s hard to predict how any change will influence them. As for HTTPs, you’ll have to transfer your site to them, sooner or later. Just take into account all the tips listed in the post and the switch to HTTPs will go smooth.

May 2, 2016
May 5, 2016
April 18, 2016
Comments
James
May 6, 2015
A good comprehensive guide. We are currently looking at moving to full SSL site-wide in Magento, this was done relatively easily with a server redirect however we found that Magento still submitted forms (for product options) over non-secure connections, meaning the products could not be added to the basket. Something I am still trying to fix!
Reply
bill
May 27, 2015
we switched to https. so far we had to disable social icons while trying make then not break https. but the bigger problem for us is YouTube videos break https now. need to know a way to make whole site https but make one page or product or category HTTP
Reply
Ksenia Dobreva
May 28, 2015
Hey Bill, thanks for the comment. From our side it looks easier and better to fix YouTube videos instead of trying to leave separate pages HTTP. For example, here https://amasty.com/knowledge-base/how-to-install-magento-2-extension.html the YouTube video is working fine, not breaking the HTTPS.
Timon
June 28, 2015
I joined the newsletter to download the checklist, unfortunately I didn't get to download it. Could you email it?
Reply
Jeremy
July 19, 2015
Thanks so much for the FANTASTIC guide. I recently switched my whole site's protocol to HTTPS. This has been a great guide to help me fix any loose ends. I do have a question about changing the google webmaster tools property. My property is still set as http and its still tracking site visit information. Your graphs showed that the information should fall to 0, and then the property should be switched over to https. If you could give more specific details on how to change the property over, I would appreciate it. I found the "change of address" tool but it specifically says that it doesn't support http to https site changes. But since I'm still tracking site visit information I'm wondering if I need to change anything. I fetched as google and its showing that my homepage is redirecting to https so I assume everything is okay. Is it? Thanks!
Reply
Kristina Azarenko
July 21, 2015
Hi Jeremy. Thanks for your comment. As for Webmaster Console, it's advisable to add an https version of your site as a new property after the switch. Anyway, it takes time for Google to pick up all the changes, so there's no wonder why you're seeing traffic info for your http site. But it should steadily decline. And you are right, the “change of address” tool won't work here. As I wrote above, you should add the https version as a completely new property in the same account.
Artur
October 2, 2015
Hello Guys, Really nice and informative guide. I followed it and succesfully applyed the SSL for the store. But the issue is, when the SSL is activated, the BackOffise brakes... Script's stops working and CSS is not loaded. Do you know about this issue? What can cause it? How to fix it? Could you please help, been strugling with it for a few day's now. Thanks,
Reply
Ksenia Dobreva
October 2, 2015
Hey Artur, thanks for reading and asking! May I ask - do you use SSL for backend only, or frontend only, or both?
Artur
October 5, 2015
I have it set to both: Unsecure and Secure (Frontend and backend). Also when applied I've rewrited the urls via htaccess. Everything seems to be working, but the backend appears broken (without CSS or JS). I've investigated the code and I can see that all the files are called via HTTP. I suppose this is the problem. Best wishes, Arthur
Ksenia Dobreva
October 5, 2015
Hey Artur, and also do not forget to clear Magento cache! It can also cause similar troubles. If this doesn't help, I'm afraid it's complicated to give you more ideas remotely =)
Artur
October 5, 2015
Could do you know how to Manualy change the path? Simply rewrite, the HTTP to HTTPS, if possible?
Reply
Ksenia Dobreva
October 6, 2015
select * from core_config_data where path like 'web%url'; Please perform this query for your database, thus we'll have more info on the case.
Eugene
April 22, 2016
Hello, could you please tell me what to do in case of receiving ERR_TOO_MANY_REDIRECTS error? Thanks.
Reply
Ksenia Dobreva
April 28, 2016
Hello Eugene, and thanks for your question. You have to check if your http -> https redirect isn't going to a loop. It can be possible that there's no condition to stop the redirect added. Hope that helps!
stan
May 19, 2016
Hello can this be undertaken with magento2?
Reply
Ksenia Dobreva
May 20, 2016
Hey Stan, thanks for your question. Well, the overall meaning of the manipulations will be the same, but some settings will be slightly different. We're planning to write a guide on configuring SSL for Magento 2 in the nearest future. Stay tuned!
Eugene
June 2, 2016
Hi, thank you for your guide. i have SSl on all pages now, but some pages need to be without it, some "unsecured" flash from other http site always blocked by browsers. Is it possible to keep some pages without SSL in Magento?
Reply
Ksenia Dobreva
June 2, 2016
Hey there and thanks for asking. It's an important question that wasn't covered in the article. Technically, the best solution is to avoid any insecure blocks or pages on your website (for example, if you're using content blocks from insecure sites, it's worth informing them that using SSL is a must now and they should think about it). Now, when it comes to insecure blocks on a secure page, the browser will always give warnings (and possibly block the thing, but not necessarily). When it comes to an insecure page on a secure website, a direct visit of this page will be okay, but if you place the link to the insecure page from a secure page, following this link will be an issue. Again, the best solution is to avoid insecure blocks and pages by any means if the site is on HTTPS.
Eugene
June 2, 2016
Thanks for quick respond. If its important content and resource site remains unsecured, what can you advise as a solution? Like, create the temporary page on my another unsecured domain (outside of magento) and transfer customers there?
Reply
Ksenia Dobreva
June 2, 2016
To our opinion, in that case the best solution is to turn SSL off for the whole site (except for checkout).
krystian
June 4, 2016
hello. how would you apply Varnish with this config? or any other cache solution?
Reply
Ksenia Dobreva
June 6, 2016
Hi Krystian! Thanks for asking. We normally use our own FPC, and you don't have to apply or change any settings in it while switching to SSL.
Michael
September 8, 2016
Hello, Thank you so much for providing this guide! We have finally had the opportunity to switch over to https, and we used your guide to complete the task. Everything on the front end is working perfectly. But - there is a problem with the Admin area. We have run in to the same problem that another person had above (Artur) - But it looks like the answer did not include a solution. Hopefully - You can now provide a solution to this problem: All css and js files in the backend are still directed to http (non-secure). This makes the Admin area unusable. We are running Magento version 1.9.2.2 Settings in the Admin are for Web URLs are as follows (using 'domain.com' as an example): Unsecure: Base URL = https://www.domain.com Secure: Base URL = https://www.domain.com Use Secure URLs in Frontend = Yes Use Secure URLs in Admin = Yes Also updated our .htaccess file as noted above to redirect - again, perfect on the front end. We tried not adding the URL redirect in .htaccess, and disabling secure URLs in the admin - that made the Admin work correctly, but no more redirects on the front end, of course. We've tried a number of different combinations to get the Admin area working correctly with https - Still, css and js are pulling from http, making our Admin area completely unusable. Cache has been cleaned (multiple times) via ftp and deleting files under the /var/cache directory because we can't do it via the Admin panel. Help! Any assistance you can give us with this problem is very much appreciated. Thank you!
Reply
Ksenia Dobreva
September 9, 2016
Hi Michael, first of all, we're very glad that the guide was useful for you - thanks for sharing your experience! Looks like the previous comment author checked the database settings and found a flaw in them. We do recommend running this query: SELECT * FROM `core_config_data` WHERE `path` LIKE 'web%url'; and check whether everything is go. If this doesn't help you, please do write us an email to [email protected] and in the email, please refer to our conversation here, so your ticket could be assigned to the article's author and he could have a closer look. Cheers!
David Bell
September 9, 2016
I'm switching a site to use SSL for all connections and have changed both the Unsecure and Secure Base URLs to use the https page. Everything is now using a secure connection. If I access an unsecure page it's redirected to the secure version - but currently with a 302 redirect. In the Magneto General/Web configuration panel there's a setting: Auto-redirect to Base URL By default that's set to "Yes (302 Found)". If I change that to "Yes (301 Moved Permanently)" the the auto redirect from http to https is now a 301 redirect. If that's working as it appears, then why is there a need to add the line: return 301 https://example.local$request_uri; in the nginx configuration. What's the reason for changing the nginx configuration compared to configuring it in Magento? Is there a downside of using the 301 auto-redirect?
Reply
Ksenia Dobreva
September 12, 2016
Hey David, the Nginx changes are made to use the server-side redirect. It is significantly faster than any application-side redirect, especially when it comes to the large amounts of traffic. Hope that helps!
Roger
October 15, 2016
Great "how to guide" and thank you for SEO tips, btw) Also, I recommend you to use secure urls in the backend too, as you'll never know what occasion you will have.
Reply
Alexandra Zhos
October 16, 2016
Thank you, Roger, for your tip!
Steeve A.
January 18, 2017
Awersome) you made enormous job, guys! When we were switching our magento store to https we faced with several issues, that you spotlighted in this article. Thanks)
Reply
Alexandra Zhos
December 19, 2016
Thank you, Steeve, for your positive feedback)
Leave your comment

Your email address will not be published

This blog was created with Amasty Blog Pro

This blog was created with Amasty Blog Pro

© 2009-2024 Amasty. All Rights Reserved.