[BlueOnyx:18600] Re: Force SSL

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Wed Oct 28 05:45:31 -05 2015 

Hi Maurice,

On 10/28/2015 3:53 AM, Maurice de Laat wrote:
> But would it be possible to have a new option in the GUI, per vsite,
> that automagically redirects
> http://vsite/whatever
> to
> https://vsite/whatever

I can understand there may be times for this to be necessary.   However, 
I think it's the rare exception (in my experience) and therefore might 
better be served with a quick addition to the site's .htaccess.

There are examples for doing so all over, but here is one:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

The overhead induced by forcing https is, in my opinion, generally not 
worth the trade-off.   You may not be aware, but https, when compared to 
"regular" http, can make the same page take 3 or 4 times as long to 
load.  This is due in part to the additional packets that have to be 
sent for each transaction, but also the increase in latency.

Also keep in mind that encryption relies on CPU, and you'll take even 
more of a performance hit if you're using older equipment.

Therefore, we tend to prefer using https connections selectively rather 
than hammering with a blanket rule for the entire site.

I know that's not the answer you're looking for, but I'd say that as a 
hosting appliance, I would tend to prefer leaving a forced https 
connection for hosted vsites out of the BlueOnyx core.   Keeping in mind 
we have a rather large number of dedicated server customers, it's my 
experience that in some cases the role of site creation is delegated to 
a developer, or someone who is less experienced with technical matters. 
   Those folks tend to check every option available in an effort to try 
and ensure a positive result when they set up a site.   We are 
frequently called to help diagnose performance problems that are often 
magically cured simply by whittling down the ticked checkboxes.

BlueOnyx is an appliance first, and therefore we should continue to 
carefully evaluate what serves the project and what might cause 
unnecessary bloat.   Since this is an issue that can be quickly resolved 
by dropping 2 or 3 lines into an .htaccess file, I'm not sure it is a 
good fit for the core.

Of course, that's just my 2 cents.  And given the rate of exchange, that 
may not be worth much.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ

More information about the Blueonyx mailing list