SiteHost

SSL Support

SSL provides a secure connection between your web containers and your visitors' web browsers. You can easily improve the security of websites running inside your web containers by enabling SSL and thus allowing data to be transmitted securely.

You can read more information about SSL on the Transport Layer Security Wikipedia page.

Managing SSL Certificates for a Web Container

Enabling SSL on one of your web containers is as easy as clicking a button, consider the following steps:

  1. When logged in to the SiteHost Control Panel, click the Containers module from the menu on the left.
  2. Click the Container Label you wish to enable SSL for.
  3. On the Container's management page for a web Container, you should see a SSL section near the bottom of the page.
  4. Hit the Enable button to issue a SSL certificate. Once enabled, you can easily disable SSL by clicking the Disable button.

Frequently Asked Questions

How does SSL work on my web container?

We have integrated our Cloud Container platform with LetsEncrypt, a free, automated and open certificate authority. This allows us to very quickly and easily request SSL certificates to be issued for your web containers with no additional cost.

You can read more about LetsEncrypt on their official website.

Can I use my own SSL certificate?

Yes, simply send through an email to us at support@sitehost.co.nz and we can either supply you with a brand new SSL certificate or if you already have a certificate we'll be happy to set this up for you.

For additional information on purchasing a SSL certificate from us, please see our SSL Certificate pricing page.

How can I enforce HTTPS on my web container?

With Cloud Containers the traditional approach to redirection may not work, because all of the requests are served by a reverse proxy. Instead, we recommend leveraging the X-Forwarded-Proto header; modify your web server configuration files as follows:

Apache

For containers running Apache webserver:

RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

For example, with a default Apache based website container, the 000-default.conf file can be modified with these lines to force such redirection:

SetEnvIf X-Forwarded-Proto https HTTPS=on

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

You can find this file in your home directory, inside the configuration folder: config/apache2/sites-available/ Alternatively, the same instructions can be instead added to your base .htaccess file in your public directory.

For containers running Nginx add the following to server directive:

if ($http_x_forwarded_proto != 'https') {
    rewrite ^ https://$host$request_uri? permanent;
}

Nginx

For example for a Nginx container the configuration will look something like the below:

server {
    listen 80 default_server;

    # Your other config here.
    # and here...

    if ($http_x_forwarded_proto != 'https') {
        rewrite ^ https://$host$request_uri? permanent;
    }
}

.NET/ASP.NET

For containers running our .NET Core + SDK 6 / 7 images, you'll need to configure the web server to allow proxy connections and set up URL rewriting. The following changes will need to be made to the file that will configure your web application. For our example, we'll be using an Umbraco project.

public void ConfigureServices(IServiceCollection services)
{
    // Set up what configurations we need to make to the service
    services.Configure<ForwardedHeadersOptions>(options =>
    {
        // Sets the expected Forward headers
        options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
        // Both functions allows any local network or proxy to connect
        options.KnownNetworks.Clear();
        options.KnownProxies.Clear();
    });
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
    // This adds the forwarded headers from above.
    app.UseForwardedHeaders();

    // Enforces HTTPS redirection
    app.UseHttpsRedirection();

    // Adds our own rewriter that uses the IISUrlRewrite.xml file
    app.UseRewriter(new RewriteOptions().AddIISUrlRewrite(env.ContentRootFileProvider, "IISUrlRewrite.xml"));
}

Next we'll need to create a new xml file that will have our rewriting rules. We'll call it IISUrlRewrite.xml for our example.

<?xml version="1.0" encoding="utf-8" ?>
<rewrite>
  <rules>
    <rule name="Redirect to HTTPS" stopProcessing="true">
      <match url=".*" />
      <conditions>
        <add input="{HTTPS}" pattern="^OFF$" />
        <add input="{HTTP_HOST}" pattern="^localhost(:[0-9]+)?$" negate="true" />
      </conditions>
      <action type="Redirect" url="https://{HTTP_HOST}/{R:0}" />
    </rule>
  </rules>
</rewrite>

You can find out more about rewriting URLs from Microsoft's ASP.NET documentation.

After this, you'll want to include the file into your project via editing the .csproj file and adding the following lines.

<ItemGroup>
  <Content Include="IISUrlRewrite.xml">
    <CopyToOutputDirectory>Always</CopyToOutputDirectory>
  </Content>
</ItemGroup>

The containers must be rebooted for the change to take place: log into the SiteHost control panel, find the container you have modified the configuration of and press the Reboot button.