Help and support

How to configure HTTPS on a Drupal site


Before setting up httls for Drupal, you need to perform preparatory actions: install an SSL certificate, make a backup copy of the site and database files. These are standard measures.

An SSL certificate is purchased from a hosting provider. It can be installed either by technical support staff or by yourself, following simple instructions.

And a backup copy of files is necessary for insurance. If an unexpected failure occurs, you can roll everything back by restoring the latest working version of the site.

Setting up https for Drupal is very simple - easier than for web resources running on other CMSs. Therefore, the instructions on how to add the https protocol will be short.

How to configure HTTPS for Drupal 7

The transition to https for Drupal 7 is done in 2 stages. First, open the CMS configuration file, which is located in the sites/default/settings.php folder. The following lines should be written in it:

$conf ['https'] = TRUE;

$base_url = '';

Then locate the .htaccess file in the root directory of the website. Open it and write these lines:

RewriteCond% {HTTPS} off

RewriteCond% {HTTP: X-Forwarded-Proto}! Https

RewriteRule ^ (. *) $ Https://% {HTTP_HOST} % {REQUEST_URI} [L, R = 301]

This is necessary so that users who visited the site at the old address (from https) are automatically redirected to https.

This action can be performed in another way. Open the configuration file sites/default/settings.php and write the following lines:

if (!array_key_exists('HTTPS', $_SERVER)) {

header ( 'HTTP / 1.1 301 Moved Permanently' );

header ( 'Location:' . $_SERVER [ 'REQUEST_URI'] );

exit ();


But keep in mind that you cannot use both of these forwarding methods at the same time. Otherwise, it will lead to a circular redirection.

How to configure HTTPS for Drupal 8

Configuring https for Drupal 8 is even easier, because you don't need to write anything in the settings.php file. All you need to do is set up the redirect by editing .htaccess. The instructions are the same as described above.

To protect a Drupal site, you can install the Secure Login module. It will help secure sessions of authorized visitors from interception.

Alternatively, you can connect HSTS. This will make the site more secure against data interception.

This completes the https setup. You can enter the domain of the site and make sure that you are automatically redirected to the new version of the URL with https. If any problems arise, our support will help to solve them.

Like the article? Tell your friends about it: