Can I use Cloudflare to look like multiple websites from one website? - cloudflare

I'm a Cloudflare noob. I have had one site up and running for a while as a way of doing https for my site. I host it on http://www.pishandtish.com (made up name for this example) and through the joys of Cloudflare the world sees it as https://www.pishandtish.com - around the back, Cloudflare is fetching the content from my http://www.pishandtish.com site and proxying it to the world as https://www.pishandtish.com
Pretty straightforward stuff - Cloudflare is proxying my content.
But if, say, I had http://foo.pishandtish.com and http://bar.pishandtish.com, could I use Cloudflare for the rest of the world to see my http://foo.pishandtish.com as https://foo.com, and my http://bar.pishandtish.com as https://bar.com ? (i.e. a way of a cheapskate to do two websites on a single-website hosting plan)
And if so, any clues as to how? Some sort of request rewriting? And can I do it on the free Cloudflare plan?
These are just for very small (zero budget) community groups, and very-low-traffic sites.

OK, what I think you'd need here is for Cloudflare to re-write the Host header of the http request, so that my request for something from foo.com looks like a request for foo.pishandtish.com by the time it arrives at my website (proxied and host-header-rewritten by Cloudflare).
Host-rewriting is a feature for domains on the Cloudflare Enterprise plan.
https://support.cloudflare.com/hc/en-us/articles/206652947-Using-Page-Rules-to-Re-Write-Host-Headers

Related

How to change the http into https for my domain name?

I recently bought a domain name at OVH for an app I hosted on Heroku. I then paid for the dynos in order to set an automatic SSL certificate.
Everything seems to me working fine:
Domain Status Last Updated
─────────── ─────────── ────────────
mpjrigot.eu Cert issued 2 minutes
mpjrigot.fr Cert issued 2 minutes
But my URL is still in HTTP. What am I missing?
EDIT
I'm using React.js for this app
I also have a Ruby on Rails back but for nom i'm keeping that on the heroku.app, works fine
2nd EDIT
Using react-https-redirect, force-https or react-ssl-redirect...
Basically, chrome tells me that "this is not a safe space", and that this is a fake https that might want to steal the user's passwords and stuff
So I got an SSL that is set on my HerokuApp,
I got a domain on OVH that points to the IP of the app
But the http isn't secure somehow
I really think I missed something obvious as I'm new to this...
You can add HTTPS to your app with the following methods.
Method1 (Recommended)
Since, you're using rails for the backend, you can configure your rails app to always use HTTPS.
in your production.rb add
config.force_ssl = true
More Info: https://help.heroku.com/J2R1S4T8/can-heroku-force-an-application-to-use-ssl-tls
ActionDispatch SSL: https://api.rubyonrails.org/v6.1.4/classes/ActionDispatch/SSL.html
Method2 (Easy Setup)
You can also signup for cloudflare's free plan and easily setup https redirects with cloudflare's 'Always Use HTTPS' or 'Automatic HTTPS Rewrites' feature.
The 'Always Use HTTPS' feature will redirect all http requests on your site to https address.
The 'Automatic HTTP Rewrites' feature will change the HTTP links on your site to HTTPS links.
More Info here:
Always use HTTPS: https://blog.cloudflare.com/how-to-make-your-site-https-only
Automatic HTTPS: https://www.cloudflare.com/website-optimization/automatic-https-rewrite/
Cloudflare's SSL: https://www.cloudflare.com/ssl/
cloudflare dashboard
What am I missing?
Heroku provides a certificate, so you should be able to access your application using https://. However it does not redirect HTTP requests to HTTPS for you:
Redirects need to be performed at the application level as the Heroku router does not provide this functionality. You should code the redirect logic into your application.
Exactly how you do that depends on the language and libraries or framework that you are using. Several common examples are listed in the link I provided above.
If you edit your question to tell us what technology you have used to build your application I'll be happy to add those details to this answer. In case you are using Scala, please see How to disable HTTP requests on Heroku and/or auto-redirect to HTTPS?
solution
I eventually read about Heroku needing a specific host that takes in the address they tell you to point to when setting a domain name...
So I switched to Gandi for my domain name and set the ALIAS to point to said adress
Works like a charm

Upgrading to SSL when site is public and all backlinks are Http

I use BlueHost for LearnInternetGrow.com and I have all www addresses being redirected to non www. I did this so that my organic search results would start with my domain name.
I recently set up SSL for the site but may not keep it in the long run.
I have backlinks that are hard coded with http://learninternetgrow.com. I want to redirect all types of variations of the address
(http://learninternetgrow.com http://www.learninternetgrow.com https://www.learninternetgrow.com)
to https://learninternetgrow.com. I want to do it this way so that if I get rid of SSL (which comes with a premium) I don't have to get Google to recrawl the site and redo all the backlinks.
I feel like my logic may be faulty. Has anyone used a 301 redirect to send all traffic to a secure version of their site. I started without SSL because the site is just a blog without any sign ins, but I read that SEO can get a boost if I use SSL. So this is really a test to see if the premium is worth the SEO bump. If it isn't I will get rid of it but I want to minimize the work necessary for this test.
Please let me know if you have done a similar test and how you did it. If you started with an http site and upgraded to TLS (SSL) how did you go about doing it without hurting your organic traffic.
The main questions is - When upgrading to SSL on WordPress, should one redirect to Https at the server level or change wordpress settings - WordPRess address URL to https:// or should I do both.
To get that "boost" your https but do done properly :
301 (permanent) redirect
Avoid mixed content
So you need to change the wordpress address in the settings to avoid mixed content, and add the 301 redirect directly in the server configuration if possible.
Wait at least 2 week before start looking for a boots. The boost will be small but don't forget :
https is not about SEO boost, it's about security of your visitor and integrity of your website (some ISP inject ads inside http websites...)

Temporary redirect during server maintenance (https to http)

I'm coming to you because I'm stuck on the following problem:
I have a website, hosted on a server on which I will be doing messy maintenance stuff (understand I'm not sure what I'm doing so I might crash everything).
I'd like to temporarily redirect all the traffic to a simle page stating the website is undermaintenance and will be back soon.
So this page must be hosted on another server, since mine will be down.
To make matters more complicated, I have an ssl certificate on my whole website, so most of my users have the https adress memorized in their browser (and that's also what's memorized by google).
I've tried hosting the simple page on a free hosting, and also on microsoft azure (because I already have an account for another web-project). However, i've encountered the same problem in both cases: the users coming to the website see big red flags from thei browsers, saying that the connexion isn't private. (ERR_CERT_COMMON_NAME_INVALID)
What would be the proper way to proceed and redirect my users in a smooth way?
Thanks in advance!
Rouli

SSL Site Setup HTML not making sense

I have been searching the internet for two days and I am stuck. I understand that I can purchase an SSL certificate to make my site work for HTTPS so that it is more secure and all that jazz.
My question is do I have to do anything special on the HTML/PHP pages I create for this site, like some PHP call to open a session, or does the fact that there is an SSL Cert on the server mean I don't have to change anything on the HTML pages?
Sorry if this is a dumb question, but I can't find the answer anywhere.
Its primary the setup of the server, e.g. that you have to make the site accessible by SSL (port etc) and configure the certificates.
But maybe you need to make adjustments to your HTML etc too, so that all resources (images, script, css..) will be loaded by SSL too, e.g. all these includes should be either be done with site-relative links or with explicite https:// links. In case the site gets served with both https and http you might also use protocol-relative links, e.g. //www.example.com/index.html will be served with http if the current protocol is http and with https if you currently use https.

Moving website from HTTP to fully HTTPS and SEO implications

Alright, you think that this might be one of the most asked question on the internet, and you're tired reading the exact same answers. So let's focus on one of the most common answer, and forget about the others.
One of the common answer is:
"The https-site and the http-site are two completely different sites;
it’s a little bit like having a www version of the site and a non-www
version. Make sure you have 301 redirects from the http URLs to the
https ones." (source:
http://www.seomoz.org/ugc/seo-for-https-with-s-like-secure)
So here's my question:
Why are people saying that https and http are two different websites? How different is https://www.mydomain.com from http://www.mydomain.com?
The URI is the same and the content is the same. Only the protocol changes.
Why would the protocol have any impact on SEO? Whether or not the content is encrypted from point A to point B, why would that matter SEO wise?
Thanks for your help!
-H
Http and https could technically be two different sites. You could configure your server to server completely different content. They have two different urls (the difference being that s).
That being said, almost all webmasters with both http and https serve nearly identical content whether the site is secure or not. Google recognizes this and allows you to run both at the same time without having to fear duplicate content penalties.
If you are moving from one one to another, you should treat it similarly to other url changes.
Put 301 redirects in place so that each page gets properly redirected to the same content at its new url
Register both versions in Google Webmaster Tools
I have not personally done this switch, but it should be doable without problems. I have made other types of sitewide url changes without problems in the last couple years.
The other alternative would be to run both http and https at the same time and switch users over more gradually. As they log in, for example.
Update to above answer as on August 2014, Google has just confirmed that sites secured by SSL will start getting a ranking boost. Check official statement here: http://googlewebmastercentral.blogspot.in/2014/08/https-as-ranking-signal.html
Don't think about it in terms of protocol. Think about it in terms of potentiality from a search engines point of view.
http://example.com and http://www.example.com can be completely different sites.
http://example.com/ and http://www.example.com/home can be completely different pages.
https://www.example.com and http://www.example.com can, again, be completely different sites.
In addition to this, https pages have a very hard time ranking. google etc.
If your entire site is https and pops an SSL certificate to an HTTP request, G views them as secure and that they're https for a reason. It's sometimes not very clever in this regard. If you have secure product or category pages, for instance, they simply will not rank compared to competitors. I have seen this time and again.
In recent months, it is becoming very clear Google will gently force webmasters to move to HTTPS.
Why are people saying that https and http are two different websites?
How different is www.mydomain.com from
www.mydomain.com?
Answer: Use the site: operator to find duplicate content. Go to a browser and type:
site:http://example-domain.com
and
site:https://example-domain.com
If you see both versions indexed in Google or other search engines they are duplicates. You must redirect the HTTP version to the HTTPS version to avoid diluting your websites authority and a possible penalty from Google's Panda algorithm.
Why would the protocol have any impact on SEO?
Answer:
For ecommerce websites, Google will not rank them well without being
secure. They do not want users to get their bank info etc stolen.
Google will be giving ranking boosts to sites that move to HTTPS in
the future. Although it is not a large ranking signal now, it could
become larger.
The guys at Google Chrome have submitted a proposal to dish out
warnings to users for ALL websites not using HTTPS. Yes, I know it
sounds crazy, but check
this out.
Info taken from this guide on how to move to HTTPS without killing your rank.
Recently, if SSL is inactive in Firefox browser, it shows an error. You must enable SSL and redirect the URL to HTTPS 301