There are many queries making rounds on the internet asking ‘how to add SSL in Yii 2’ and ‘make the Yii 2 site start using https by default’ etc. In this tutorial, I am going to teach how to add a Let’s Encrypt SSL certificate on your domain and then point your Yii 2 site to HTTPS.
Before getting started, you’ll need to have a clear idea about what is Let’s Encrypt and how it works on Cloudways. Head over to my article on this topic to get familiar with it: Installing Let’s Encrypt SSL on custom PHP site.
Adding Your Domain On Cloudways
If you haven’t installed Yii 2 on Cloudways yet, go read this guide: Installing Yii 2 on cloud. After installation of Yii 2, let’s add your primary domain on your Yii 2 application first because it’s necessary to have a primary domain before you add an SSL certificate on your site. Let’s get started.
First, Login to your Cloudways Platform and the head over to your Yii 2 application. Now on the Application Management window, click on Domain Management in the sidebar menu.
Add your Primary Domain in the Domain Management window and click on Save Changes.
Once you’ve clicked on Save Changes, wait for Cloudways to add a domain for you.
Now head to your domain and you will see that your Yii 2 application is there.
Now that you have added your primary domain successfully, let’s install Let’s Encrypt Free SSL on your Yii 2 application.
Installing Let’s Encrypt SSL in Yii 2
Now in the sidebar menu, click on SSL Certificate.
In the form, add your email address and your Yii 2 application domain. If you want to add the certificate for www as well, click on Domain Alias and click on Install Certificate.
Wait for Cloudways to install one certificate for your domain.
Once the installation is finished, select Yes so that certificate will renew automatically and click on Save Changes.
Cloudways will update your auto-renewal settings now. Once the process is complete, head to your browser and open the Yii2 application URL with HTTPS.
We have now installed SSL for our Yii2 application. Let’s make some changes so that it always redirects to https whenever our application is opened in any browser.
Redirecting Yii2 Application To HTTPs
What we need to do is to create a .htaccess file inside basic/web folder and will create a rule in it which will redirect Yii2 site to HTTPS automatically. Let’s get started with that:
Head to Server Management on Cloudways console and click Launch SSH Terminal button. In the SSH terminal, login with your Master Credentials.
On the terminal, type the following command to reach your application folder:
cd applications/<Folder Name>/public_html/basic/web/
Now in this folder type the following command to create a .htaccess file:
vim .htaccess
It will create a blank file. Press “i” to start editing the file and then paste the following code in it:
<Files ~ "^\.(htaccess|htpasswd)$"> deny from all </Files> #Redirect HTTP to HTTPS RewriteEngine On RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Once you paste the code press Esc and type :wq to save and exit the file. Close the terminal and head to the browser and type your site’s URL without adding https in it. You will see that your site will successfully be redirected to https automatically.
Stop Wasting Time on Servers
Cloudways handle server management for you so you can focus on creating great apps and keeping your clients happy.
Conclusion
We learned how to add an SSL certificate in Yii 2 and force Yii 2 to HTTPS in this article. I’m hoping that everything was clear and understandable. If, however, you were unable to understand anything or want more info on, leave a comment below and I will try to solve your problem promptly.
Shahzeb Ahmed
Shahzeb is a Digital Marketer with a Software Engineering background, works as a Community Manager — PHP Community at Cloudways. He is growth ambitious and aims to learn & share information about PHP & Laravel Development through practice and experimentation. He loves to travel and explore new ideas whenever he finds time. Get in touch with him at [email protected]