I recently installed Mukurtu on Reclaim, and was able to to configure Let's Encrypt to enable HTTPS access using their cPanel. After that I could see my site just fine through a secure URL.
However HTTP URLs were not redirecting to HTTPS as I wanted. This meant my Mukurtu site was available via HTTP and HTTPS. Users who used an HTTP URL were attempting to log in, and were (rightly) seeing warning messages from their browser that the site was not secure.
Reclaim suggested adding the following to the top of the root .htaccess file, which I added to line 63:
# redirect all http traffic to https
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
Not being familiar with Mukurtu's .htaccess file myself I was wondering if there is already a documented way to secure Mukurtu by forcing SSL in the installation instructions? If not does it make sense to add one, since privacy will likely be a significant concern for Mukurtu users?
I recently installed Mukurtu on Reclaim, and was able to to configure Let's Encrypt to enable HTTPS access using their cPanel. After that I could see my site just fine through a secure URL.
However HTTP URLs were not redirecting to HTTPS as I wanted. This meant my Mukurtu site was available via HTTP and HTTPS. Users who used an HTTP URL were attempting to log in, and were (rightly) seeing warning messages from their browser that the site was not secure.
Reclaim suggested adding the following to the top of the root
.htaccessfile, which I added to line 63:Not being familiar with Mukurtu's
.htaccessfile myself I was wondering if there is already a documented way to secure Mukurtu by forcing SSL in the installation instructions? If not does it make sense to add one, since privacy will likely be a significant concern for Mukurtu users?