How can I enable SSL for the entire nopcommerce site?

8 年 前
I have enabled SSL, and it works fine for cart/checkout etc. However, when I type https://mystore.com it just got redirected to http://mystore.com

What should I do to force a https for the entire website?
Thanks for any help!
8 年 前
That was changed in a recent version because there is no reason for the other pages throughout the site to use an SSL as there is nothing that needs to be encrypted on them. It can also speed up the speed of the site along with helping with SEO problems that can be caused by having an https and http version of a page. If you want to change that I am not sure what is entailed.
8 年 前
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to controller attribute NopHttpsRequirment.  After this I added a custom inbound url rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t
8 年 前
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"
7 年 前
a.m. wrote:
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"


I have same issue, Where do I do this?
7 年 前
How can i see that sSL is working ? I have SSL installed on my site (ARVIXE) and I ve checked the Force SSL on all site, but i don't see any lock on the webaddress of chrome.

Please could you help me ?
7 年 前
similar issue here:
securitysettings.forcesslforallpages does absolutely nothing!
if you type http://yourwebsite.com , it still shows unencrypted.
only if you type https://yourwebsite.com, does it encrypt all the pages

What I'd like to see is: the login page, checkout page and customer pages encrypted.
It would be nice if ALL the admin pages were encrypted -
7 年 前
joebloe wrote:
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to controller attribute NopHttpsRequirment.  After this I added a custom inbound url rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t


Thanks for the advice!!! ForceSslForAllPages does nothing unless you actually type in HTTPS (which no one ever does making the setting moot)
7 年 前
joebloe wrote:
I ran into this with a client a while back.  Some clients just want that little padlock to show up on all pages.  A reasonable request.

What I did was completely remove all references to controller attribute NopHttpsRequirment.  After this I added a custom inbound url rule in IIS that looked something like this.

Pattern: (.*)
Conditions: {HTTPS} Matches the Pattern ^OFF$
Action: Redirect https://{HTTP_HOST}/{R:1} Permanent 301

Easy peasy.

The alternative would be to decorate all base controllers with NopHttpsRequirement and require SSL.  Also pretty easy.  I just prefer the 301 permanent redirect method personally.

t


For some reason on IIS 8 this doesn't work (at least for me). Could be they changed something. I didn't check. However this does

  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
        <rewrite>
            <rules>
                <rule name="Redirect to HTTPS" stopProcessing="true">
                    <match url=".*" />
                    <conditions>
                        <add input="{HTTPS}" pattern="^OFF$" />
                    </conditions>
                    <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" redirectType="Permanent" />
                </rule>
            </rules>
        </rewrite>
  </system.webServer>

I merely had to change R:1 to R:0 and enable SSL and it works.

So maybe IIS7 and 8 are different. I haven't tested it with IIS7 (windows 7 / SBS 2010 etc) or on 2012 yet.
7 年 前
vinee wrote:
Just set "SecuritySettings.ForceSslForAllPages" setting to "true"

I have same issue, Where do I do this?


Go to

Admin --> Configuration --> Settings ---> All Settings (Advanced)

Click the "Funnel" Type icon next to Setting Name Column. Using that filter, filter for "SecuritySettings.ForceSslForAllPages" and update the setting.

Caution: You can update almost all the settings of nop commerce from this screen.