Nop4.3 does NOT redirect all pages to https

6 месяцев назад
Nop4.3
SSL installed
SSL enabled
Store URL is: https://xxx.com

But the website can be visited on http://xxx.com, not redirect to https.
6 месяцев назад
This post had the same problem - dont know if he solved it ?
https://www.nopcommerce.com/en/boards/topic/84162/ssl-config-http-is-still-available
6 месяцев назад
Reading the Github work item #4322 Drop "securitysettings.forcesslforallpages" setting ,
It implies that the code  to force SSL redirect at the application level has been stripped out in 4.3.  

Certainly the behaviour I have seen in 4.3 is that the store is still accessible on http 80 even if you check the require SSL box in store configuration.

SSL redirect must now be performed by the webserver, load balancer, etc.

I can help with this on linux NGINX.  For IIS I think a web.config re-write rule is required.

Nop Team - can you clarify the above?

Yidna wrote:
This post had the same problem - dont know if he solved it ?
https://www.nopcommerce.com/en/boards/topic/84162/ssl-config-http-is-still-available
6 месяцев назад
Dear All,

I have nopCommerce 4.20 multi store implementation with Prisma theme from nopTemplates.

All major SEO checkers report a critical issue related to non www -> www redirect.
Ex
https://www.woorank.com/en/www/roomalert.ro

My SEO settings require all pages to have www prefix is active.
I have SSL enabled with the only one host value: www.roomalert.ro .

I tried also to add IIS URL rewrite rules.
For http to https I have a 301 redirect.
but
for nonww to www it’s not working (with 301 redirect).

If I request http://roomalert.ro
I get response from https://www.roomalert.ro (but without 301 redirect).
For site users is ok but for SEO checkers is not.

What else can I try to fix this SOE issue?

Below you can find webconfig URL rewrite settings:

<rewrite>
            <rules>
                <rule name="CanonicalHostNameRule1" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTP_HOST}" pattern="^roomalert.ro$" />
                    </conditions>
                    <action type="Redirect" url="https://www.roomalert.ro/{R:0}" redirectType="Permanent"/>
                </rule>
                <rule name="http to https" enabled="true" stopProcessing="true">
                    <match url="(.*)" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" redirectType="Permanent"/>
                </rule>
            </rules>
        </rewrite>
один месяц назад
I ever have the same problem with Nop 4.3, my environment is:
- Ubuntu 20.04
- Nginx
- MySql
Below is my workaround:
  - Setup ssl cert in nginx
  - Set store url to https://xxx: Go to Admin/Configuration/Store:In the list,
  - make sure 'Store URL' is using https
  - make sure 'SSL enabled' is checked
  - Change setting in appsettings.json:  "UseHttpXForwardedProto": true <-- This is work I missed
  After above configuration applied, make sure you restart both nginx and your nopcommerce application.
  Hope help