Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 2.5 Support (CLOSED)
  7. SOLVED: Using SSL and https ONLY for Facebook

Topic-icon SOLVED: Using SSL and https ONLY for Facebook

Active Subscriptions:

None
13 years 11 months ago #23843 by Ludwig von Mises
I have purchased an SSL certificate to be able to send friend invites as well as show my site on my Facebook page. Before I actually install the certificate, I wanted to know if I will have to do some preventative SEO work to avoid duplicate content between http: and https:. I don't have any experience with SSL-enabled Joomla! sites so I have a couple of questions:

1) Does the mere installation of the certificate mean that my entire site will be immediately "available" in both http: and https:?

2) Does Facebook require me to enable SSL on the entire site or can I leave 'Force SSL' on "None" in Joomla! admin?

I see on the JFBConnect homepage I am redirected to http: from https:

Thanks!
The topic has been locked.
Support Specialist
13 years 11 months ago #23848 by alzander
1) Yes, the entire site by default would be accessible over http or https. Using .htaccess or other mechanisms, you can redirect SSL requests to non-SSL. Generally, Google and other sites don't consider https and http to be 'different' pages for duplicate content purposes.

2) You can leave Force SSL to none. Facebook will simply request the https version.

We definitely have a lot of .htaccess stuff going on to prevent SSL connections where they are not needed. Due to the nature of SSL, when it is enabled, browsers and most content won't cache data, which can slow things down a little. It's not drastic, but speed improvements are good improvements!

Alex
The topic has been locked.
Active Subscriptions:

None
13 years 11 months ago #23851 by Ludwig von Mises
Thanks for the info. Definitely seems like a straightforward implementation. I assume that any redirects to http from https will not hinder Facebook's ability to detect https? Or do you have some exceptions for FB in your "a lot of .htaccess stuff going on"?
The topic has been locked.
Support Specialist
13 years 11 months ago #23858 by alzander
Redirects from http to https shouldn't really be a problem. Facebook will try https first if it wants it, and it's good about redirects.. in general.. there are certain circumstances which are bad, but not common :)

For our https redirects, we basically have a redirect that says "If not on pages x,y, or z, redirect the user to the non-https page". The pages that we allow (and in some cases force) https on are our home page (optional so that it can be used by the Facebook Canvas and Page Tab URLs) and our checkout pages (forced for obvious security reasons). If you're interested, I can gladly paste our .htaccess redirects for those pages so you see how it works.

Hope that helps,
Alex
The topic has been locked.
Active Subscriptions:

None
13 years 11 months ago #23876 by Ludwig von Mises

alzander wrote: The pages that we allow (and in some cases force) https on are our home page (optional so that it can be used by the Facebook Canvas and Page Tab URLs


This gives me the impression that if I put the homepage as the Canvas and Page Tab URL then it HAS to be https! i.e., the redirect to http DOES interfere with Facebook's required secure connection. If that's the case, then I guess I would have to make an alternate https home page to be used only by Facebook.

[EDIT]

I got it working. I created an extra robots_ssl.txt file with Disallow: /
I added these lines to .htaccess:
RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^robots.txt$ robots_ssl.txt

RewriteCond %{SERVER_PORT} ^443$
RewriteRule ^(.*)$ http://miraargentina.com/$1 [R=301,L]

The first Rewrite directs the search bots to my secondary robots_ssl.txt file if they access the site through https
The second Rewrite redirects all https to http. This does not seem to affect the page tab application.

It's overkill but I just want to be safe before getting into duplicate content issues with SSL.

It's working in my Facebook. It would be nice if someone can confirm if my page tab is working.

facebook.com/MiraArgentina

Thanks for the advice!

[/EDIT]
The topic has been locked.
Support Specialist
13 years 11 months ago #23898 by alzander
Ludwig,
Whatever page you set for the Canvas or Page Tab URLs have to be *able* to use https. They don't have to force it. Our home page, for example, can be loaded over either. Facebook loads the https version. Anyone just navigating to the site will (generally) get the http version.

Your page is loading in a Facebook Page Tab for me and looks good. It needs to be scrolled to see the sides, but usable now. If you ever want to create a slimmer template, JFBConnect will let you select that to be used when in Page Tab, but that's up to you.

As for your redirection .htaccess stuff, that's a pretty slick idea. Well thought out and pretty easy to implement. Well done!

If you need anything else, just let us know!
Alex
The topic has been locked.
Active Subscriptions:

None
13 years 11 months ago #23924 by Ludwig von Mises
I am surprised having two different RewriteRules for the same RewriteCondition did not mess anything up. The 301 to http might be overriding the Rewrite to the robots_ssl.txt file, but for now everything is OK and Google has not indexed any https pages today. If any issues come up I will post again, but for now I am marking the topic as 'solved' and changing the post subject.
The topic has been locked.
Support Specialist
13 years 11 months ago #23927 by alzander
They both work because only the second one ends with the [L] statement. The L means 'last', which will stop execution of the .htaccess file. That means that both will execute and then stop directly afterwards. If the Condition isn't met, then neither would execute. So, in other words, you're doing it just right :)

If you do run into other issues though, just let us know!

Alex
The topic has been locked.
Support Specialist
13 years 11 months ago #23928 by alzander
Actually... I think that also means the first statement isn't really getting executed at all.. so the first says "Really, send back this file", but then the next statement redirects the user altogether.

Honestly though, I don't believe Google (or other search engines) distinguish between https and http as different content. Could be wrong though, but that hasn't been an issue for us. Since 99+% of our external links go to our home page in non-https form, I don't think it's an issue at all.

Alex
The topic has been locked.
Active Subscriptions:

None
13 years 11 months ago #23930 by Ludwig von Mises
I think you're right, the search engines are smarter than we think. They know that http and https duplicates are not intentional, and they know that mysite.com and mysite.com/index.php are not real duplicate content pages that should be penalized. However, I like avoiding messes in Bing and Google Webmaster Tools and decided to do the redirects just to be on the safe side.

The good news is the fact that Facebook doesn't seem to mind being redirected from https to http! :D
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 2.5 Support (CLOSED)
  7. SOLVED: Using SSL and https ONLY for Facebook
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS