Difference between revisions of "X-Cart:Configuring HTTPS"
m |
m |
||
| Line 2: | Line 2: | ||
==Obtain an SSL certificate== | ==Obtain an SSL certificate== | ||
| − | To use HTTPS for your X-Cart store site, you need to obtain an SSL certificate and have it properly installed and configured on your web server. | + | |
| + | To use HTTPS for your X-Cart store site, you need to obtain an SSL certificate and have it properly installed and configured on your web server. You also need to monitor your SSL certificate expiration date and be ready to renew it when necessary. | ||
The majority of hosting companies help their customers to purchase SSL certificates or provide their own Shared SSL URLs. If your hosting company does not render such services, you will need to purchase a certificate on your own. | The majority of hosting companies help their customers to purchase SSL certificates or provide their own Shared SSL URLs. If your hosting company does not render such services, you will need to purchase a certificate on your own. | ||
| Line 11: | Line 12: | ||
==Configure the HTTPS server in X-Cart== | ==Configure the HTTPS server in X-Cart== | ||
| + | |||
Once you have an SSL certificate for your store site installed and configured, you should adjust the HTTPS server settings in X-Cart. If your HTTPS host differs from your HTTP host, you will need to edit the file <xcart_dir>/config.php specifying your HTTPS host in the variable $xcart_https_host. | Once you have an SSL certificate for your store site installed and configured, you should adjust the HTTPS server settings in X-Cart. If your HTTPS host differs from your HTTP host, you will need to edit the file <xcart_dir>/config.php specifying your HTTPS host in the variable $xcart_https_host. | ||
==Enable HTTPS for your store== | ==Enable HTTPS for your store== | ||
| + | |||
Enable the secure checkout at your store by selecting the HTTPS protocol for the payment methods to be secure on the Payment Methods page. You can also adjust these HTTPS options on the '<u>General settings/Security options</u>' page: | Enable the secure checkout at your store by selecting the HTTPS protocol for the payment methods to be secure on the Payment Methods page. You can also adjust these HTTPS options on the '<u>General settings/Security options</u>' page: | ||
| Line 65: | Line 68: | ||
<div id="https_for_all_pages"> </div> | <div id="https_for_all_pages"> </div> | ||
| − | |||
| − | + | ===Setting HTTPS for the entire X-Cart store site=== | |
| − | + | ||
| − | + | ====Method 1. Web servers with support for .htaccess, like apache'''==== | |
| − | + | ||
| − | If you are using a web server of the above-named type, you | + | If you are using a web server of the above-named type, to set your entire X-Cart store to operate over HTTPS, you should add the following code to the .htaccess file after the line "RewriteBase": |
| − | after the line "RewriteBase": | ||
<pre> | <pre> | ||
RewriteCond %{HTTPS} off | RewriteCond %{HTTPS} off | ||
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] | ||
</pre> | </pre> | ||
| − | If the canonical URL of your site is known, it | + | If the canonical URL of your site is known, it will be even better to add the rules as follows: |
<pre> | <pre> | ||
RewriteCond %{HTTPS} off | RewriteCond %{HTTPS} off | ||
| Line 87: | Line 88: | ||
You can also use the following instructions: | You can also use the following instructions: | ||
https://www.sslshopper.com/apache-redirect-http-to-https.html | https://www.sslshopper.com/apache-redirect-http-to-https.html | ||
| − | + | ||
| − | + | ||
| + | ====Method 2. Servers like nginx.conf==== | ||
| + | |||
Convert the rules cited in Method 1 above | Convert the rules cited in Method 1 above | ||
to nginx.conf | to nginx.conf | ||
| Line 103: | Line 106: | ||
https://www.bjornjohansen.no/redirect-to-https-with-nginx | https://www.bjornjohansen.no/redirect-to-https-with-nginx | ||
<br /><br /> | <br /><br /> | ||
| − | |||
| − | X-Cart versions 4.7.9 and later | + | ====Method 3. Only recommended if you cannot use Method 1 or Method 2 above==== |
| + | |||
| + | '''X-Cart versions 4.7.9 and later'''<br /> | ||
To switch your entire X-Cart store to HTTPS, simply select the option 'On all pages' from the 'Use secure protocol (HTTPS)' selector: | To switch your entire X-Cart store to HTTPS, simply select the option 'On all pages' from the 'Use secure protocol (HTTPS)' selector: | ||
https://demo.x-cart.com/demo_goldplus/admin/configuration.php?option=Security#tr_use_https_login | https://demo.x-cart.com/demo_goldplus/admin/configuration.php?option=Security#tr_use_https_login | ||
| − | X-Cart versions prior to 4.7.9:<br /> | + | '''X-Cart versions prior to 4.7.9:'''<br /> |
To switch your entire X-Cart store to secure mode, edit the file https.php. Find the line: | To switch your entire X-Cart store to secure mode, edit the file https.php. Find the line: | ||
<pre> | <pre> | ||
Revision as of 15:12, 15 November 2017
This article provides guidelines for configuring HTTPS for your X-Cart store.
Contents
Obtain an SSL certificate
To use HTTPS for your X-Cart store site, you need to obtain an SSL certificate and have it properly installed and configured on your web server. You also need to monitor your SSL certificate expiration date and be ready to renew it when necessary.
The majority of hosting companies help their customers to purchase SSL certificates or provide their own Shared SSL URLs. If your hosting company does not render such services, you will need to purchase a certificate on your own.
We will be glad to assist you with this issue. You can purchase SSL certificates from our company. We sell SSL certificates provided by the world's leading Certification Authority, Comodo Group. For details, conditions and prices, please see http://www.x-cart.com/ssl/.
If you are on a dedicated server, we can offer you our service on analyzing and configuring your server and/or install an SSL Certificate on it. Please note that we will need the 'root' access to your server over SSH or the 'Administrator' access over MS Remote Access Desktop to complete these tasks.
Configure the HTTPS server in X-Cart
Once you have an SSL certificate for your store site installed and configured, you should adjust the HTTPS server settings in X-Cart. If your HTTPS host differs from your HTTP host, you will need to edit the file <xcart_dir>/config.php specifying your HTTPS host in the variable $xcart_https_host.
Enable HTTPS for your store
Enable the secure checkout at your store by selecting the HTTPS protocol for the payment methods to be secure on the Payment Methods page. You can also adjust these HTTPS options on the 'General settings/Security options' page:
Optionally, if you need secure certain php scripts you should add https scripts to <xcart_dir>/https.php file, 'https_scripts' array. You can find some examples in <xcart_dir>/https.php file:
$https_scripts[] = 'login.php'; $https_scripts[] = array( 'cart.php', "mode=checkout", );
Optionally, if you want to switch the whole x-cart to secure mode edit https.php file. Find the line
function is_https_link($link, $https_scripts) {
and replace it with
function is_https_link($link, $https_scripts) {
return true;
Now, if your web server does not use SSL certificates, and you are running an HTTPS Proxy instead, you may need to make additional settings to enable your X-Cart work over SSL (secure connection). In the include/https_detect.php file, define the proxy IP address and set the $HTTPS variable to 'true':
if ($_SERVER['REMOTE_ADDR'] == '192.160.1.1') {
$HTTPS_RELAY = true;
$HTTPS = true;
}
If you are not sure whether your web server uses SSL certificates or runs behind an HTTPS Proxy, contact your hosting service provider or server administrator or email our technical support - we will help you find that out.
If you experience problems with external services (payment / shipping) working over https while using curl/libcurl as the https module, try adding the following line to top.inc.php:
define('USE_CURLOPT_SSL_VERIFYPEER', 1);
after
$xcart_dir = rtrim(realpath($xcart_dir), XC_DS);
Setting HTTPS for the entire X-Cart store site
Method 1. Web servers with support for .htaccess, like apache
If you are using a web server of the above-named type, to set your entire X-Cart store to operate over HTTPS, you should add the following code to the .htaccess file after the line "RewriteBase":
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If the canonical URL of your site is known, it will be even better to add the rules as follows:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://example.com/$1 [^] [R=301,L]
(Be sure to replace "example.com" with your actual canonical URL). The above code should be added before the code for handling Clean URLs.
You can also use the following instructions: https://www.sslshopper.com/apache-redirect-http-to-https.html
Method 2. Servers like nginx.conf
Convert the rules cited in Method 1 above to nginx.conf as follows:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
For more info, see:
https://www.bjornjohansen.no/redirect-to-https-with-nginx
Method 3. Only recommended if you cannot use Method 1 or Method 2 above
X-Cart versions 4.7.9 and later
To switch your entire X-Cart store to HTTPS, simply select the option 'On all pages' from the 'Use secure protocol (HTTPS)' selector:
https://demo.x-cart.com/demo_goldplus/admin/configuration.php?option=Security#tr_use_https_login
X-Cart versions prior to 4.7.9:
To switch your entire X-Cart store to secure mode, edit the file https.php. Find the line:
function is_https_link($link, $https_scripts) {
and replace it with
function is_https_link($link, $https_scripts) {
return true;
