SetupHTTPS

The internet community is rapidly moving to ensuring all websites are secure by using Hypertext Transfer Protocol Secure (HTTPS).

Note that HTTPS and mobile friendly are used as ranking signals by search engines.

This page is a placeholder or work in progress, serving to amalgamate information from the email list and recipes to where it should be held in the main PmWiki pages.

HTTPS request handling by PmWiki

PmWiki already responds properly to https: requests -- it detects when a request comes in via HTTPS and converts its outgoing links accordingly. This doesn't need a new variable.

The sample config.php contains:

# $ScriptUrl = 'http://www.mydomain.com/path/to/pmwiki.php';
# $PubDirUrl = 'http://www.mydomain.com/path/to/pub';

To force all pmwiki links to use https change this to:

$ScriptUrl = 'https://'.$_SERVER['HTTP_HOST'].'/pmwiki/pmwiki.php';
$PubDirUrl = 'https://'.$_SERVER['HTTP_HOST'].'/pmwiki/pub';

Chances are that a site is already setting $ScriptUrl in the local/config.php anyway -- it's one of the first things mentioned in docs/sample-config.php, and in the initial setup tasks documentation.

I'd be fine with updating docs/sample-config.php to include something like:

# If you prefer HTTPS over HTTP linkages:
   # $UrlScheme = 'https';
   # $ScriptUrl = 'https://www.mydomain.com/path/to/pmwiki.php';
   # $PubDirUrl = 'https://www.mydomain.com/path/to/pub'; 

PmWiki to automatically redirect HTTP to HTTPS

To have PmWiki automatically redirect incoming HTTP requests to be a HTTPS request... that sounds recipe-ish. And it's much more efficient for it to be handled at the webserver level anyway (e.g., vis .htaccess, Redirect, etc.)

At the beginning of config.php add, for versions of PmWiki after 2.2.0-beta18

if ($UrlScheme == 'http') {
  header( "Location: " . "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] );
  exit('<html><body>
    <a href="https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'] . '">Please use HTTPS</a>
    </body></html>');
}
$ScriptUrl = "https://".$_SERVER['HTTP_HOST']."/pmwiki/pmwiki.php";
$PubDirUrl = 'https://'.$_SERVER['HTTP_HOST'].'/pmwiki/pub';

Certificate

A certificate from a Certificate Authority is required, a self-signed certificate is no longer adequate[1].

  • Let’s Encrypt is a free, automated, and open Certificate Authority
    • EFF's CertBot for automatically enabling HTTPS on your PmWiki deploying Let's Encrypt certificates.
    • Certify the Web provides a Windows native client to acquire and install a Let's Encrypt certificate

Using .htacccess for HTTPS

Create, or add to, an .htaccess file in the public_html directory. Add the lines

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 

Ensure the RewriteEngine On is not repeated twice.[2]

Setup HTTPS on IIS

The following steps will assist in getting PmWiki working with HTTPS on ISS.

  • Follow the steps above to enable HTTPS in PmWiki and acquire a SSL Certificate.
  • In IIS select the server, and Sever Certificates
    • if your certificate is not already shown here (e.g. from LetsEncrypt) import it
    • Enable Automatic Rebind of Renewed Certificate
  • In IIS select the website to secure
    • choose the Binding action, add a binding of Type https for your Host Name, then select the SSL certificate to use

You can also redirect your http traffice to https.

Also check

  • your router is set to allow port 443 (HTTPS) traffic
  • your firewall is set to allow HTTPS (port 443) traffic

A Simpler Way

You can simply do this as well, I have been using for some time now:

$ScriptUrl = '//your-host-name.com/pmwiki/pmwiki.php';
$PubDirUrl = '//your-host-name.com/pmwiki/pub';

You just have to remove the 'http:' or 'https:' altogether, but this will remove compatibility with older browsers and some PmWiki recipes, like googledocviewer, be careful.

References


This page may have a more recent version on pmwiki.org: PmWiki:SetupHTTPS, and a talk page: PmWiki:SetupHTTPS-Talk?.