HTTPS: secure web

February 5, 2019


A lot of websites, often even e-shops, are still not secured. That's why I decided to explain why to secure a site with HTTPS and an SSL certificate, and how to redirect from HTTP to HTTPS correctly.


Don't you have a secure site yet?

Reasons not to delay HTTPS:

  1. Security (over HTTP, anyone can read the content, including passwords)
  2. Better for SEO
  3. GDPR - you are required to ensure security
  4. Chrome marks HTTP sites as "insecure" as of July 2018

What is HTTP(S)

HTTP is typically run on port 80.
HTTPS is typically run on port 443.
What is HTTP (HyperText Transfer Protocol).
What is HTTPS.

SSL, TLS

What is SSL? Today, the more modern TLS is already in use.

Video

Video with information on how to secure a website using an SSL certificate and HTTPS, and how to redirect from HTTP to HTTPS correctly.

Certificate

Setting up a certificate:

  • commercial, possibly EV
  • Let's Encrypt - has API

Redirect to HTTPS

Migration procedure:

  1. get a certificate
  2. enable the HTTPS protocol
  3. check site functionality
  4. redirect HTTP to HTTPS

Redirecting HTTP to HTTPS is a bulk URL change. That can affect search results, but if it is done professionally, search engines no longer have a problem with it today.
Thanks to SNI, multiple sites with different certificates can be run on one IP without any problems. Of course, where you have an old system with an old webserver, SNI is not supported. In this case, I recommend changing hosting or upgrading the webserver.

How to get the website wrong?

You're hurting yourself if you're running on both HTTP and HTTPS without redirecting to one specific canonical URL.

How to do redirects right

Example from my site https://www.josefjebavy.cz: all the other variants (https://josefjebavy.cz, http://www.josefjebavy.cz, http://josefjebavy.cz) redirect directly to https://www.josefjebavy.cz, without intermediate steps.

.htaccess

Example of redirection for the Apache web server using the mod_rewrite module. The configuration is written to the .htaccess file:

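# enable mod_rewrite processing
RewriteEngine On
# redirect from http to https (301 = permanent), keeping the requested host and path
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]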

Further Security

To increase the security of your visitors, you can also deploy HTTP Strict Transport Security (HSTS).
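
An added example (not from the original article): a Python check that every URL variant reaches the canonical URL with a single 301 and that the canonical response carries an HSTS header. The host www.example.com, the function names and the sample responses are assumptions constructed for illustration.

```python
"""Audit HTTP->HTTPS redirects: each variant must reach the canonical URL in one 301 hop."""
import http.client
from urllib.parse import urlsplit

CANONICAL = "https://www.example.com/"  # placeholder canonical URL (assumption)
VARIANTS = ["http://example.com/", "http://www.example.com/", "https://example.com/"]


def fetch_live(url):
    """Send one HEAD request without following redirects; return (status, headers)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        conn.request("HEAD", parts.path or "/")
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


def audit(fetch=fetch_live, canonical=CANONICAL, variants=VARIANTS):
    """Return a list of findings; an empty list means the redirect setup is correct."""
    findings = []
    for url in variants:
        status, headers = fetch(url)
        target = headers.get("location", "")
        if status != 301:
            findings.append(f"{url}: status {status}, expected permanent 301")
        if target != canonical:
            findings.append(f"{url}: goes to {target or 'nowhere'}, not directly to {canonical}")
    status, headers = fetch(canonical)
    if status != 200:
        findings.append(f"{canonical}: status {status}, expected 200")
    if "max-age=" not in headers.get("strict-transport-security", ""):
        findings.append(f"{canonical}: no Strict-Transport-Security header")
    return findings

# Constructed sample responses: the http->https rule keeps the host, "www" is added
# by a separate temporary redirect (a two-hop chain), and HSTS is not configured.
SAMPLE = {
    "http://example.com/": (301, {"location": "https://example.com/"}),
    "http://www.example.com/": (301, {"location": "https://www.example.com/"}),
    "https://example.com/": (302, {"location": "https://www.example.com/"}),
    "https://www.example.com/": (200, {}),
}

if __name__ == "__main__":
    print("\n".join(audit(fetch=lambda u: SAMPLE[u])))
```

Calling `audit()` with no arguments uses `fetch_live` against the configured hosts; replace the placeholder URLs with your own site first.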
