Setup HTTPS

The internet community is rapidly moving to ensuring all websites are secure(approve sites) by using Hypertext Transfer Protocol(approve sites) Secure (HTTPS).

Note that HTTPS(approve sites) and mobile friendly(approve sites) are used as ranking signals by search engines.

This page is a placeholder or work in progress, serving to amalgamate information from the email list and recipes to where it should be held in the main PmWiki pages.

HTTPS request handling by PmWiki

PmWiki already responds properly to https: requests -- it detects when a request comes in via HTTPS and converts its outgoing links accordingly.

The sample config.php contains:

To force all pmwiki links to use https change this to:

Chances are that a site is already setting $ScriptUrl in the local/config.php anyway -- it's one of the first things mentioned in docs/sample-config.php, and in the initial setup tasks documentation.

I'd be fine with updating docs/sample-config.php to include something like:

# If you prefer HTTPS over HTTP linkages:
   # $UrlScheme = 'https';
   # $ScriptUrl = 'https://www.mydomain.com/path/to/pmwiki.php';
   # $PubDirUrl = 'https://www.mydomain.com/path/to/pub'; 

PmWiki to automatically redirect HTTP to HTTPS

To have PmWiki automatically redirect incoming HTTP requests to be a HTTPS request... that sounds recipe-ish. And it's much more efficient for it to be handled at the webserver level anyway (e.g., vis .htaccess, Redirect, etc.)

At the beginning of config.php add, for versions of PmWiki after 2.2.0-beta18

if ($UrlScheme == 'http') {
  header( "Location: " . "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
  exit('<html><body>
    <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">Please use HTTPS</a>
    </body></html>');
}
$ScriptUrl = "https://".$_SERVER['HTTP_HOST']."/pmwiki/pmwiki.php";
$PubDirUrl = 'https://'.$_SERVER['HTTP_HOST'].'/pmwiki/pub';

Certificate

A certificate from a Certificate Authority is required, a self-signed certificate is no longer adequate^{[1](approve sites)}.

• Let’s Encrypt(approve sites) is a free, automated, and open Certificate Authority
  • EFF's CertBot(approve sites) for automatically enabling HTTPS on your PmWiki deploying Let's Encrypt certificates.
  • Certify the Web(approve sites) provides a Windows native client to acquire and install a Let's Encrypt certificate

Using .htacccess for HTTPS

Create, or add to, an .htaccess file in the public_html directory. Add the lines

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Ensure the RewriteEngine On is not repeated twice.^{[2](approve sites)}

Setup HTTPS on IIS

The following steps will assist in getting PmWiki working with HTTPS on IIS(approve sites).

• Follow the steps above to enable HTTPS in PmWiki and acquire a SSL Certificate.
• In IIS select the server, and Sever Certificates
  • if your certificate is not already shown here (e.g. from LetsEncrypt) import it
  • Enable Automatic Rebind(approve sites) of Renewed Certificate
• In IIS select the website to secure
  • choose the Binding action, add a binding of Type https for your Host Name, then select the SSL certificate to use

You can also redirect(approve sites) your http traffic to https.

Also check

• your router is set to allow port 443 (HTTPS) traffic
• your firewall is set to allow HTTPS (port 443) traffic
• IIS SSL settings are set to Client certificates: ignore

A Simpler Way

You can simply do this as well, I have been using for some time now:

You just have to remove the 'http:' or 'https:' altogether, but this will remove compatibility with older browsers and some PmWiki recipes, like googledocviewer, be careful.

References

• Cookbook:SwitchToSSLMode
• How to Redirect HTTP to HTTPS using .htaccess File?(approve sites)