Drupal 7 HTTPS

In order to keep up with Google’s HTTPS recommendations and related SEO implications, and in order to take advantage of CloudFlare’s recent move to support SSL for all sites, including free plans, with its “Universal SSL” initiative, we at Origin Eight are setting up all future Drupal sites (at least those that we host under our DripDrop Hosting umbrella) with site-wide HTTPS,  using CloudFlare’s Flexible SSL at a minimum.

For Drupal 7, we found the following configuration works quite well:

Add the following text in the gray box to .htaccess right after it says “RewriteEngine on”, or, even better, add to the webserver config in a site-specific manner so that upgrading Drupal core does not wipe out the .htaccess file:

# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

# Set "protossl" to "s" if we were accessed via https://.  This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]

Then, add

$_SERVER['HTTPS'] = 'on';

to local.settings.php, ensuring local.settings.php starts with <?php and does not include a closing ?>, also ensuring the local.settings.php file is included via settings.php like so (make sure to clear your caches afterwards):

  # Additional site configuration settings.
  if (file_exists('/PATH_TO_DRUPAL_INSTALL/sites/www.SITENAME.com/local.settings.php')) {

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: