Force https in a shared hosting environment

ssl
webserver_issue
hosting

#1

Hello,
I have my OwnCloud installation on a shared host, and no access to my vhost-configuration.

I noticed that the force_ssl-option in the configuration file is no longer supported. In the documentation I don't find another way of forcing access over SSL for an installation at https myserver.com/owncloud

Thanks!


#2

See e.g.:

https://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

or contact the support of your shared hoster for more info. Stuff like this is not the job of a web application so this is the reason why the force_ssl option was removed.


#3

Yeah tried that, but it ends up in an endless redirect loop.
Not sure why "stuff like this is not the job of the web application"? Doesn't this community support users hardening their own installation? Not everybody owns a (virtual) server.


#4

Please contact the support of your hoster as already advised. They know how to achieve what you're looking for on their environment.

Because a secure hardening needs to take place at your webserver and not at each web application you're running.

This changes also applies to the HTTPS enforcement of ownCloud that now has to happen on the web server layer and not anymore in the ownCloud configuration. While this is slightly less comfortable it ensures an overall better security level.

-> https://statuscode.ch/2015/05/security-and-owncloud-8.1/#security-related-headers-can-now-be-sent-by-the-web-server

What are you trying to say with this comment? Its already possible via various webserver methods like the .htaccess as pointed out above. You can't make the "community" responsible if you don't know how to apply those hints or if your shared hosters is restricting you in a way that you can't apply those.


#5

Im not sure why you're reacting like like this, if you don't want to help, then let it be? I'm not making the community responsible, I'm asking for further advice.

I normally just add some code to index.php to redirect users to https. The regular htaccess doesn't seem to work on my install, and my hoster already has a hard time keeping proxies open, so asking them to modify vhosts won't lead anywhere soon.


#6

No help? You already got more then enough pointers and help how to achieve what you're looking for. :wink:

Its just not possible to achieve what you're looking for from within ownCloud. And the way it could be done from within your webserver highly depends on the webserver, the environment and the configuration of your hosting provider. Its not possible to give specific help here.

I'm out, bye.


#7

You can use wget to show the redirection steps which might help you to figure out how to break this loop:

And here it doesn't work?

No, it's no requirement. However if you consider a serious use of ownCloud, you should consider this at some point. In some hosting environments it's practically impossible to install ownCloud and you have much less tools to debug problems.


#8

In fact, webaccess works, is being redirected properly, but the desktop client times out. It reconnects as soon as the original htaccess is restored.

Is index.php the only point of entry? Is there a recommended way to redirect from there?

Thanks for the feedback. Not sure what you mean with serious usage? The family server?


#9

Add this code in the .htaccess file of your website.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Step by step guide: Force SSL with .htaccess