Converting a site to HTTPS - Perl/PHP considerations?

NeilF · 14 Nov 2016 at 17:00

If I allow my website to handle HTTPS, will the perl/PHP coding on that site need attention?

eg: If I check URLs for "http://" will they need to also cater for "https://"?

Or is the secure socket layer invisible to the webside code?

BTW - I'd envisage changing my htaccess to convert http to https address on the fly coming in?

Basically I'm just considering what Chromes treatment of non-HTTP sites in January (giving a warning) means to me. And the implication/size of handling it if I decide to - I run a Vbulletin forum and a hand written perl system, both of which handle logons.

Mynight · 14 Nov 2016 at 17:30

It should be OK. Without seeing it it's impossible to tell but I doubt it would require much effort should something be incompatible(I can't think of anything off the top of my head). Worst case it should fall back to http it shouldn't break anything.

Yeah 301 redirect http to https is pretty much all I did on my forums and it was happy.

If you want to try one before you buy then have a look at this;

https://letsencrypt.org/

Pretty simple to use assuming your hosting provider allows third party SSL certs.

NeilF · 14 Nov 2016 at 17:36

Yeh, it's a hosted site, so I just contact them I guess. And I'd imagine then I could run http or https?

So as regards my code where I have code looking at "http://" that would be fine? Or I will need to cater for "https://"? I assume I would?

And as for VBulletin I guess I'd just change the sites url in administration from http://forum.mywebsite.com to https://forum.mywebsite.com?

Etheco · 14 Nov 2016 at 17:56

NeilFawcett said:
So as regards my code where I have code looking at "http://" that would be fine? Or I will need to cater for "https://"? I assume I would?

Yes you would http:// images, scripts etc will not load over https and will cause it to not be secure. And if you are going to the trouble I would just enforce https:// and make sure http:// always redirects.

Also there is this tool https://www.jitbit.com/sslcheck/ that will crawl your site as https and find any pages that are loading insecure links.

Mynight · 14 Nov 2016 at 18:02

^^

Don't run both http and https IIRC Google treats them as TWO separate URLs so your SEO would suffer assuming your care about that.

I haven't run vbulletin but quick Google suggests it should only require the ACP redirect and you're good to go.

NeilF · 14 Nov 2016 at 21:58

Sorry, so if I changed my perl script url over to HTTPS, would that mean absolutely every URL to do with it would be HTTPS? Even images displayed within the pages rendered by it?

So would images be:-
http://mywebsite.com/image.jpg
or would it be OK for them to be:-
https://mywebsite.com/image.jpg

If every URL simply changed over (no matter of to a script or image etc) that must surely be the easier thing? Especially if there's an htaccess rename?

NeilF · 15 Nov 2016 at 11:01

Well, looking at some other sites using HTTPS, it seems basically all urls (to scripts and images) all move over to HTTPS.

Etheco · 15 Nov 2016 at 17:17

NeilFawcett said:
Well, looking at some other sites using HTTPS, it seems basically all urls (to scripts and images) all move over to HTTPS.

I did mention that above not sure you understood it fully mind.

Everything has to be https scripts/images/css anything that is loaded into your site basically.

NeilF · 15 Nov 2016 at 18:11

Etheco said:
I did mention that above not sure you understood it fully mind.

Everything has to be https scripts/images/css anything that is loaded into your site basically.

OK... I'll try and ensure all referenced to "HTTP" are changed to a variable, and then I can start it with HTTP and consider moving it to HTTPS if/when necessary.