typo3 站点与 http 和 https
[英]typo3 site with http and https
问题描述
I have a site working as http.
我有一个作为 http 的站点。 The site has from letsencrypt a certificate and the realted apache config to work with https as well.该站点具有来自letsencrypt的证书和真实的apache配置,也可以与https一起使用。
How can I configure t3 to do both, http and https.如何将 t3 配置为同时执行 http 和 https。
Regardless what I tried to configure it works either or but not both.无论我尝试配置什么,它都可以工作,但不能同时工作。
Help appreciated!帮助表示赞赏!
Regards Kallewirsch问候 Kallewirsch
3 个解决方案
解决方案1
1 2022-09-23 06:32:30
You can use baseVariants with conditions based on the request environment.您可以根据请求环境使用带有条件的baseVariants 。
As an example:举个例子:
base: http://your.server
baseVariants:
- base: 'https://your.server
condition: 'getenv("HTTPS") === "on"'
(How https:// is signalled to PHP depends on your webserver/proxy environment. See https://stackoverflow.com/a/16076965/2819581 ) (如何将 https:// 发送到 PHP 取决于您的网络服务器/代理环境。请参阅https://stackoverflow.com/a/16076 )
Nota bene: You have been warned about duplicate content, security etc. already.注意事项:您已经收到有关重复内容、安全性等的警告。
解决方案2
0 2022-09-22 07:49:27
No matter why you think you need to do this, supporting both schemas as in "after page load http can still be shown in the url bar" is not a secure nor a necessary thing anymore.不管你为什么认为你需要这样做,支持两种模式,如“页面加载后http仍然可以显示在 url 栏中”不再是安全的,也不是必需的。 What is relevant is that if a user types in http://example.com the page will be shown and that all communication with your server is secure, thus in the end https should be used.相关的是,如果用户输入http://example.com将显示该页面并且与您的服务器的所有通信都是安全的,因此最终应该使用https 。 Letsencrypt is a wonderful choice. Letsencrypt 是一个不错的选择。
In order to circumvent all problems user, browsers and web applications can run into, HSTS should be activated, which is basically "web server magic" for always using https without leaving anybody behind, even if they try to use http .为了规避用户、浏览器和 web 应用程序可能遇到的所有问题,应该激活 HSTS,这基本上是“Web 服务器魔法”,始终使用https而不留下任何人,即使他们尝试使用http So configure TYPO3 to serve via https and activate HSTS for your webserver.因此,将 TYPO3 配置为通过 https 服务并为您的网络服务器激活 HSTS。
On the details for why and how to HSTS refer to eg https://https.cio.gov/hsts/关于为什么以及如何进行 HSTS 的详细信息,请参阅例如https://https.cio.gov/hsts/
If you want TYPO3 to serve content no matter the schema or domain adapt the TYPO3 site configuration base url to not include schema or domain.如果您希望 TYPO3 无论架构或域都提供内容,请调整 TYPO3 站点配置库 url 以不包含架构或域。 For security reasons I won't provide an example.出于安全原因,我不会提供示例。
解决方案3
0 2022-09-22 08:10:24
You should configure an http to https redirect in apache configuration.您应该在 apache 配置中配置 http 到 https 重定向。 (.httacess) (.httacess)
Http times are over browser ms default to https and auto upgrade connections if possible. Http 时间超过浏览器 ms 默认为 https 并尽可能自动升级连接。 Also http is rightly marked as insecure (similar to a wrong ssl certificate) http 也被正确标记为不安全(类似于错误的 ssl 证书)
There is no valid reason to use http.没有正当理由使用 http。 Anymore不再
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.