I have a site working as http. The site has from letsencrypt a certificate and the realted apache config to work with https as well.
How can I configure t3 to do both, http and https.
Regardless what I tried to configure it works either or but not both.
Help appreciated!
Regards Kallewirsch
CodePudding user response:
You should configure an http to https redirect in apache configuration. (.httacess)
Http times are over browser ms default to https and auto upgrade connections if possible. Also http is rightly marked as insecure (similar to a wrong ssl certificate)
There is no valid reason to use http. Anymore
CodePudding user response:
No matter why you think you need to do this, supporting both schemas as in "after page load http
can still be shown in the url bar" is not a secure nor a necessary thing anymore. What is relevant is that if a user types in http://example.com
the page will be shown and that all communication with your server is secure, thus in the end https
should be used. Letsencrypt is a wonderful choice.
In order to circumvent all problems user, browsers and web applications can run into, HSTS should be activated, which is basically "web server magic" for always using https
without leaving anybody behind, even if they try to use http
. So configure TYPO3 to serve via https and activate HSTS for your webserver.
On the details for why and how to HSTS refer to e.g. https://https.cio.gov/hsts/
If you want TYPO3 to serve content no matter the schema or domain adapt the TYPO3 site configuration base url to not include schema or domain. For security reasons I won't provide an example.