Skip to main content

Time Lag for Force HTTPS Redirect to Take Effect?

Comments

13 comments

  • cPanelLauren
    Hi @linux4me2 I believe you're referencing the new feature in cPanel's domains interface correct? [QUOTE] HTTPS redirection of websites In cPanel & WHM version 80, we added the Force HTTPS Redirect toggle to cPanel's
    0
  • linux4me2
    Thanks, Lauren. I am referring to the new feature, and I am running PHP-FPM, so that may very well be the cause.
    0
  • cPanelLauren
    Hi @linux4me2 Are you by chance running anything litespeed related or php-fpm?
    0
  • linux4me2
    It looks like our posts crossed. Yes, I am running PHP-FPM, but not Litespeed.
    0
  • cPanelLauren
    Sorry I didn't see your response before I responded again. I was looking at a case for this but I believe I've ruled it out as you're not running LSAPI. One thing I did notice on systems without FPM was that if the taskqueue was busy or there are a lot of domains (as it runs update_users_vhosts) there could be a delay between submission and the actual execution of the apache restart. I'd suggest opening a ticket, I believe there may be a new related case here or at the very least some configuration issue causing the delay with PHP-FPM. Can you please open a ticket using the link in my signature? Once open please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!
    0
  • linux4me2
    I'd like to, but I'm using leased cPanel/WHM, so I'd have to go through my host, and that doesn't work too well. I just tried another account using WordPress, and there was no delay. I've got a few more to try, and I'll experiment by restarting PHP-FPM if there is lag for one of them.
    0
  • cPanelLauren
    Hi @linux4me2 If you have a cPanel license and root access to the server even if it's through a provider you can still open a ticket with us if necessary or your provider doesn't provide support (they should provide it but I understand that's not always as efficient)
    0
  • linux4me2
    I did not know that. I never got past the warning that I needed to go through my hosting provider. That's good to know. Let me try a few more accounts to see if I'm still experiencing the lag. If I do, I'll submit a support ticket.
    0
  • cPanelLauren
    Awesome, let us know how it goes.
    0
  • linux4me2
    I just upgraded five WordPress sites to SSL, and only one of the five showed any delay with the HTTPS redirect. I restarted PHP-FPM and it made no difference. Then, I restarted Apache, and it didn't make any difference, but within a few minutes, the redirect began working. So I would say PHP-FPM and Apache are not the cause. I am using WP Super Cache on the sites, and tried clearing the cache, too, but that made no difference. I'm not using any server-level caching or Cloudflare. My original post here was prompted by seeing the delay in redirect taking effect on three plain HTML sites, which, unlike WordPress, don't include their own redirect, which WordPress does when the Site and Home URLs are set in WordPress to HTTPS. So, I went back to one of the plain HTML sites, which has no caching whatsoever, and disabled the HTTPS redirect, then tried to browse to the site using HTTP, and I was still redirected to HTTPS. I restarted PHP-FPM, and was still redirected to HTTPS with the redirect disabled. Next, I tried a virgin browser that had not visited the site since I enabled SSL, and tried to pull up the site using HTTP. I still got redirected HTTPS, so I don't think it's the browser. I'm going to think about this and see if I can come up with a reason the delay occurs, but I don't think it's worth a support ticket. It's not a big deal; the redirect worked immediately 80% of the time with WordPress sites, and even when it didn't work immediately, it began working after just a few minutes. I will probably never need to use the feature again once it's enabled. I'll just remember that it takes a few minutes to work. I only posted because I was curious about it, and thought it might be inherent in how the redirect is done. I'm going to use the HTTPS redirect on my sites that have been using an .htaccess HTTPS redirect; I'll just wait a little while before removing the redirect from my .htaccess.
    0
  • PeteS

    I too have a question about HTTPS redirection still happening when there's no .htaccess redirect, nor is Force HTTPS Redirect turned one.

    When I create a new subdomain and immediately go to it (just typing new.domain.com) it goes to https. Why? What else could be causing this? I disabled nginx for the main domain and it still redirects to https.

    Where does Force HTTPS Redirect take place? I assume in Apache and/or the vhosts file, but where to I check to see if it's active?

    AFAIK there no place in WHM that forces this for all domains, correct?

    0
  • PeteS

    Update: I did not think this was browser related because I had tried clearing all data for the domain. But I discovered that going to another device (my iPhone) did not force https, UNTIL after I have visited it over https. I also discovered that visiting https://domain.com would force test.domain.com to use https even though test. was new. What's strange it that clearing all the browser's data does not reset this behavior, not does opening a private browsing window..

    Not a huge issue (I want https!) but it still an issue for testing... e.g. if I turned off force https and forgot to re-enable it, I wouldn't see that or be able to test for it.

    I would also still like a cPanel answer about where their force https is being accomplished.

    0
  • cPRex Jurassic Moderator

    Hey there!  I'm glad you found that the issue is isolated to one particular system, although I can't say for sure what is happening there.

    Our Force HTTPS system does indeed use Apache configurations to perform the redirection.  When the option is enabled in cPanel >> Domains by engaging the toggle, we add the following code to the specific domain's vhost in the Apache configuration:

        RewriteCond %{HTTP:X-Forwarded-Proto} !https
        RewriteCond %{HTTPS} !=on
        RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

     

    0

Please sign in to leave a comment.