My operating system is (include version): Ubuntu server 14.04lst
My web server is (include version): apache2
My hosting provider, if applicable, is:Videotron (port 80 is blocked but not 443)
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Hi ! https is enable, but I want to force it. I check the “secure” option in the setup, it works for “bbnation.asuscomm.com” but not for “blindbeavernation.net”. It’s kind of wierd.
.htaccess is a file which stores extra configrations for apache servers. Go to parent directory of your site create .htaccess file if not exists (dont forget add dot “.” to beginning of file name ) and paste above code inside.
Will this really work since my port 80 is blocked ? I mean, the user need to reach port 80 to know that he is redirect to port 443 ? And why do I need to do this for this domain but not for bbnation.asuscomm.com ? that’s odd
When port 80 is blocked it won’t work. However it is bad practise to do this. Just always serve a redirect when you want to force HTTPS.
Additionally you might consider using the HSTS header to force HTTPS also for future connection. Be aware that dropping HTTPS support in the future will be difficult if you use this header.
Thank you for the respond, the thing is, I don’t get why it works with out the HSTS header on one of my domain and not on the other that is pointing to the same IP adress. If I type “bbnation.asuscomm.com” it’s automaticly in HTTPS, but if I tryed blindbeavernation.net it’s not. it’s kind of wierd I sucess for one and fail for the other, yet, I am using the same procedure
Oh that’s ugly. If my ISP would do such a thing I would personally look for another ISP. Because naturally your ISP could also start blocking port 443 later.
So as for your actually issue it depends for what you want to use your website. Is it only accessed by web browsers?
If so first manually access your (sub)domain with HTTPS and if the header is correctly set (which you can e.g. see in the developer console of the browser) all later requests should be redirected.
However you of course can’t expect other visitors to do the same.
You might try to get listed on https://hstspreload.appspot.com/, but AFAIK they require a HTTPS redirect. Additionally even if your ate included it takes months until a new browser release with this list is published.