Best way to force SSL


#1

Hello,

I’ve forced SSL on my server using the following directives:

<VirtualHost _default_:80>
  DocumentRoot "[Full path to install dir]"
  ServerName [url without protocol]    # added this line
  Redirect permanent / https://[url]/  # added this line
  ...

in the file at [install directory]/apache2/conf/bitnami/bitnami.conf

My questions: is this considered the best way to force SSL?
Will I need to add these changes to version control or is this file safe in DF updates?

Thanks!
Josiah


#2

Hi!

Apache’s Wiki says you don’t even need DocumentRoot directive, if you want redirect all the traffic:

https://wiki.apache.org/httpd/RedirectSSL#line-2-1

Wbr,

Gunnar


#3

I agree, but that’s in the file already so I left it in as a marker of where to put the code. :slight_smile: