How to Force Ssl in Codeigniter

How to force ssl in codeigniter?

Open config file from location application/config/config.php and enable or set hooks to true like this:

$config['enable_hooks'] = TRUE;

Then create a new file named hooks.php inside the config folder (i.e. application/config/hooks.php) and add the following code in it:

$hook['post_controller_constructor'][] = array(
    'function' => 'redirect_ssl',
    'filename' => 'ssl.php',
    'filepath' => 'hooks'
);

Now create a new directory named hooks inside the application folder (i.e. application/hooks) and then create a new file named ssl.php inside the hooks folder (i.e. application/hooks/ssl.php).

Add the following code in the ssl.php file:

function redirect_ssl() {
    $CI =& get_instance();
    $class = $CI->router->fetch_class();
    $exclude =  array('client');  // add more controller name to exclude ssl.
    if(!in_array($class,$exclude)) {
        // redirecting to ssl.
        $CI->config->config['base_url'] = str_replace('http://', 'https://', $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] != 443) redirect($CI->uri->uri_string());
    } else {
        // redirecting with no ssl.
        $CI->config->config['base_url'] = str_replace('https://', 'http://', $CI->config->config['base_url']);
        if ($_SERVER['SERVER_PORT'] == 443) redirect($CI->uri->uri_string());
    }
}

How to redirect http to https in codeigniter

Now I got a solution,
I updated my htaccess file.--

RewriteEngine On
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\. [OR]
RewriteCond %{HTTP_HOST} ^myhost\.com$ [NC]
RewriteRule ^ https://www.myhost.com%{REQUEST_URI} [R=301,L,NE]
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /index\.php(/[^\ ]*)?\ HTTP/ 
RewriteRule ^index\.php(/(.*))?$ myhost.com/$2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

Now, It worked for me smoothly.. :)

HTTPS .htaccess on Codeigniter How to Force SSL?

This can all be done solely through the .htaccess file. You need to check the %{HTTPS} variable. Altering the .htaccess you provided, here is how you would redirect to https :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>

If you need to redirect to www. as well, do that redirect first like so :

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(favicon\.ico|apple-touch-icon.*\.png)$ [NC]
RewriteRule (.+) index.php?p=$1 [QSA,L]
</IfModule>

Note : Only use RewriteBase / if codeigniter is installed at the root directory of the domain.

Also, one thing that is interesting about your existing .htaccess file is RewriteRule (.+) index.php?p=$1 [QSA,L]. I've usually seen it setup as RewriteRule ^(.*)$ index.php?/$1 [L,QSA]. I haven't seen the p=$1 portion before. However, if it's working that way don't mess with it.

Force https://www. for Codeigniter in htaccess with mod_rewrite

I think, instead of

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

you should have something like

RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

do have the rewrite rule match. Your link is currently produced by the third rule.

codeigniter, force ssl on a particular page

You need add Condition on .htaccess to make use SSL port work only for selected urls.

Here is example, how to do

RewriteEngine on

RewriteCond %{SERVER_PORT} 80 
RewriteCond %{REQUEST_URI} controller/function
RewriteRule ^(.*)$ https://www.yourdomain.com/controller/function[R=301,L]

RewriteCond %{SERVER_PORT} 443 
RewriteCond %{REQUEST_URI} controller/function
RewriteRule ^(.*)$ https://www.yourdomain.com/controller/function[R=301,L]

RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ index.php/$1 [L] 

P.S : Your base_url must be set to “/” in your config file.
For more information check http://codeigniter.com/wiki/SSL_Handling

forcing Codeigniter HMVC to use SSL

Because you say,

my webserver is an ubuntu 16 machine

I assume you are not using a shared server from a hosting provider and so you have complete access to Apache's configuration files. If that is true then you should not use .htaccess files. Read THIS and THIS to learn why.

I also assume you have a set of Apache "sites-available" files that define <VirtualHost> configs. It is inside those <VirtualHost> blocks where you should be placing the code you currently have in .htaccess.

To redirect all http requests to https try this as the contents of the "default" site in a "sites-available" configuration file e.g. "000-default.conf"

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    RedirectMatch 301 (.*) https://www.example.com$1
</VirtualHost>

What this will do is take any http request and immediately redirect to the https: URL. If you are using some other port besides the typical :80, adjust accordingly.

As mentioned, you can do the rewriting in a VirtualHost. Here's an example for the https: config file (maybe named along the lines of "020-example-443.conf")

<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/whatever
    ServerAdmin web-boss@example.com

    <Directory /var/www/whatever>
        DirectoryIndex index.php
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted

        RewriteEngine on
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)$ index.php?/$1 [PT]
    </Directory>

    #   SSL Engine Switch:
    #   Enable/Disable SSL for this virtual host.
    SSLEngine on

    # Certificates delivered by certbot - your's maybe elsewhere
    SSLCertificateFile  /etc/letsencrypt/live/yoursite/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yoursite/privkey.pem

    #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
    </FilesMatch>

    <Directory /usr/lib/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>

With these in place, you won't have to do anything special in CodeIgniter except, as you already do, use the following

$config['base_url'] = 'https://www.example.com/';

How can I have CodeIgniter load specific pages using SSL?

There are few ways to tackle this.

Option 1:

I would probably have the code deployed to both folders, then in the file: /system/application/config/config.php, set your page to:

$config['base_url'] = "http://www.yoursite.com/"; 

or

$config['base_url'] = "https://www.yoursite.com/";

Then in your non-ssl VirtualHost folder, set your config to redirect protected pages by folder to the SSL site:

RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder

Option 2:

Send everything to SSL and keep all your code in one folder

/system/application/config/config.php, set your page to:

$config['base_url'] = "https://www.yoursite.com/";

Other Options

There are some more hacky ways to do this with header() redirects, etc. but I don't think you want to maintain different code bases for this option. I don't recommend this but you could do something like:

$config['base_url'] = “http://” . $_SERVER['http_host'] . “/”;

Forcing SSL in codeigniter with a helper

I answered a similar question here: https://stackoverflow.com/questions/1500527/how-to-use-ssl-with-codeigniter/1500558#1500558

But, in a nutshell:

<IfModule mod_rewrite.c>
   RewriteEngine On
   RedirectPermanent /sslfolder https://www.yoursite.com/sslfolder
</IfModule>

---

Related Topics