I have a doubt in relation to redirections http>https and non www >www


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: relatospulp.com

I ran this command:

It produced this output:

My web server is (include version): LAMP

The operating system my web server runs on is (include version): CENTOS 7

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No, I don’t use a control panel

I have installed Let’s Encrypt certificates for my websites with Apache Certbot, and I have chosen the second option, “always force SSL”. I understand that this way, all http connections (port 80) are redirected to the https version of my websites (port 443).

The problem is that I also have a redirection in my Joomla installation from “non www” to “www” URLs, via the htaccess file. Therefore, there are two kinds of redirections on the table: http > https / non www > www

My system works OK (a bit slow maybe, because of a poor server configuration), but Google’s PageSpeed test alerts me about the many redirections in use:

If I type my URL, relatospulp.com, I get this sequence:

http://relatospulp.com/ >> https://relatospulp.com/ >> https://www.relatospulp.com/

How can I set up my redirections in a simple way with Let’s Encrypt?


I have this code inserted by Let’s Encrypt in the VirtualHost (Port 80): (FIRST REDIRECTION for HTTP > HTTPS)

RewriteCond %{SERVER_NAME} =www.relatospulp.com [OR]
RewriteCond %{SERVER_NAME} =relatospulp.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]


And I have this code in my HTACCESS: (Second redirection, for non www to www URLs):
RewriteCond %{HTTP_HOST} ^relatospulp.com [NC]
RewriteRule ^(.*)$ https://www.relatospulp.com/$1 [L,R=301]


Thanks :wink:


#2

Hi @skizo

this

is wonderful. And it’s exactly what you should do, says Google:

The Preload-List: If a domain is preloaded, then the browser never loads the http version, only the https - version. It’s a built-in strict transport security.

https://hstspreload.org/

This form collects domains that want to be listed in this preload list. Google started that; Firefox and Microsoft are using the same list.

There:

  • Serve a valid certificate.
  • Redirect from HTTP to HTTPS on the same host, if you are listening on port 80.
  • Serve all subdomains over HTTPS.

So http://relatospulp.com/ -> https://www.relatospulp.com/ is wrong.

Instead http://relatospulp.com/ -> https://relatospulp.com/ - same host, without a new dns query.

Selecting one version (non-www or www) and redirecting the other version is also ok.

So ignore the pagespeed alert.


#3

OK! Thanks! I thought that it caused a delay in the connection for the response of my server. :wink:


#4

Note, you need to be a little more careful with your configuration if you turn on HSTS preload. Once you do, nobody will be able to load your site at all if your https breaks. They won’t be able to bypass https warnings, and they won’t be able to visit the http version in a pinch. You definitely want to make sure your certificate renewals work, and give you enough time between renewal and expiration to fix any issues that might arise during renewals. The recommended 30 days should be sufficient, so long as you pay attention to failed attempts as soon as they happen.


#5

Hi @jared.m

I don’t think @skizo wants to use the preload directive now.

I used this link, because it’s an official statement of Google:

Redirect from HTTP to HTTPS on the same host

Combined with a redirect non-www -> www (or www -> non-www) there are two redirects, not one.

If the redirects are done with HTTP status 301, they are good and safe.
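
The rule quoted in post #2 (HTTP must redirect to HTTPS on the same host) and the 301 remark in post #5, as an added example that is not part of the original thread: a Python check over recorded redirect chains. The function names, verdict strings and the status codes on the sample hops are constructed for illustration.

```python
from urllib.parse import urlsplit

PERMANENT = {301, 308}  # permanent redirect status codes

def check_chain(hops):
    """hops: list of (status, from_url, to_url) in the order followed.
    Returns a list of (from_url, to_url, verdict)."""
    results = []
    for status, src, dst in hops:
        s, d = urlsplit(src), urlsplit(dst)
        s_host = (s.hostname or "").lower()
        d_host = (d.hostname or "").lower()
        if s.scheme == "http":
            # The preload rule from post #2: upgrade first, on the same host.
            if d.scheme != "https":
                verdict = "bad: HTTP hop does not upgrade to HTTPS"
            elif s_host != d_host:
                verdict = "bad: HTTP->HTTPS upgrade changes host"
            else:
                verdict = "ok: same-host HTTPS upgrade"
        elif d.scheme != "https":
            verdict = "bad: downgrade from HTTPS"
        elif s_host != d_host:
            # non-www -> www (or the reverse) once already on HTTPS
            verdict = "ok: host canonicalization over HTTPS"
        else:
            verdict = "ok: same-host HTTPS redirect"
        if verdict.startswith("ok") and status not in PERMANENT:
            verdict = "warn: %s, but status %d is not permanent" % (verdict[4:], status)
        results.append((src, dst, verdict))
    return results

def chain_ok(hops):
    """True only if every hop in the chain gets an 'ok' verdict."""
    return all(v.startswith("ok") for _, _, v in check_chain(hops))

# Constructed samples: the two-hop chain from post #1 (statuses assumed 301)
# and the collapsed single hop that post #2 calls wrong.
THREAD_CHAIN = [
    (301, "http://relatospulp.com/", "https://relatospulp.com/"),
    (301, "https://relatospulp.com/", "https://www.relatospulp.com/"),
]
SINGLE_HOP = [(301, "http://relatospulp.com/", "https://www.relatospulp.com/")]

if __name__ == "__main__":
    for name, chain in (("two hops", THREAD_CHAIN), ("one hop", SINGLE_HOP)):
        print(name, "->", "ok" if chain_ok(chain) else "not ok")
        for src, dst, verdict in check_chain(chain):
            print("  %s -> %s: %s" % (src, dst, verdict))
```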

