HTTPS: secure web
February 5, 2019Still a lot of websites, often even e-shops, do not have a secure website. That's why I decided to explain why to have a secure site using HTTPS and SSL certificate and how to do the redirection from HTTP to HTTPS correctly.
View details about site security using SSL certificate and HTTPS:
Don't you have a secure site yet?
Motivation not to delay with HTTPS:
- Security (HTTP anyone can read the content including passwords
- Better for SEO
- GDPR - you are required to ensure security
- Chrome HTTP marks sites as "insecure" as of July 2018
What is HTTP(S)
HTTP is typically run on port 80.
HTTPS is typically run on port 443.
What is HTTP (HyperText Transfer Protocol).
What is HTTPS.
SSL, TLS
What is SSL? Today, the more modern TLS is already in use.Video
Video with information on how to secure a vec using SSL certificate and HTTPS and how to redirect from HTTP to HTTPS correctly
Certificate
Setting up a certificate:
- commercial, possibly EV
- Let's Encrypt - has API
Redirect to HTTPS
Migration procedure:
- get a certificate
- enable the HTTPS protocol
- check site functionality
- redirect HTTP to HTTPS
View certificate details:
When HTTP is redirected to HTTPS, it is a URL change. It is a bulk URL change. Which can affect results, but if it is done professionally, search engines no longer have a problem with it today.
Thanks to SNI, multiple sites with different certificates can be run on one IP without any-problems. Of course, where you have an old system with an old webserver, SNI is not supported.
In this case, I recommend changing hosting or upgrading the webserver.
How to get the web wrong?
You're hurting yourself if you're running on both HTTP and HTTPS without redirecting to one specific canonical URLHow to do redirects right
Example from my site https://www.josefjebavy.cz: So everything: https://josefjebavy.cz, http://www.josefjebavy.cz, http://josefjebavy.cz without intermediate steps redirects directly to https://www.josefjebavy.cz .
.htacces
Example of redirection for apache web server using mod_rewrite module. Configuration written to the .htaccess file:
# redirect from http to https RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Further Security
To increase the security of your visitors, you can also deploy HTTP Strict TransportSecurity.Articles on a similar topic
Go programming language
Analysis of assignment and pricing of software project development
Python program to control Docker using the API
How to use MailCatcher to test emails
Python OpenAI API
Creating a WebSocket web application and setting up a proxy
Project management: agile software development
How to run old PHP applications
What a good programmer should know
Rust programming language
NodeJS: development, server configuration
Nette security bug CVE-2020-15227
REST API: platform API
Custom web and mail hosting with ISP Config software
Programming in SQL: PostgreSQL, MySQL/MariaDB
NoSQL database Mongo DB
Connecting to Microsoft SQL Server from Linux
What is the job description of a programmer
Python application localization
Which mail and web hosting to choose
Digispark - Program Atmel ATtiny microcontroller with Arduino IDE
Development for ARM processors with Arduino IDE
How to program the ESP8266 WiFi processor
Open smartphone with Linux - Openmoko Neo FreeRunner
Newsletter
If you are interested in receiving occasional news by email.
You can register by filling in your email
news subscription.
+