Connecting via HTTPS


I don't like the idea of connecting via HTTP so I was wondering how I get my plone site to offer HTTPS. Should this not be default nowadays?


Plone sites are usually behind a classic Web server that provides https.
if you find all this a bit overwhelming, you can use a tool like ansible plone that will handle all this for you from a configuration file.

What have you tried? Are you stuck on something?

Do you have an SSL certificate?
Let's Encrypt can help you with this for free:

Another way is to use cloudflare, they give you their full universal ssl for free (read carefully to see if the security implications of using their ssl is ok to your use case).

Thanks guys, yes this is a bit overwhelming but sometimes you are just so keen to make progress that you skip some docs that are already there. From what I now understand, Plone doesn't offer https directly. You have to implement this by re-directing requests to through Apache. Its Apache that will then offer over https.

What I'm not so clear on, is whether Plone will still respond to 8080 (must do otherwise what would Apache redirect to?) which is clearly undesirable because someone that know the link http://X.X.X.X:8080/Plone can circumvent the Apache. Is it through the firewall that you control this scenario i.e. you allow the firewall to pass requests via port 80 to Apache which then redirects to 8080 and you block all external request to 8080?

I guess this is not a massive issue as my site is an intranet not open to the internet but there still could be risks via the intranet, particulalry when you have open wireless networks.

Thanks for you help guys.

you can setup a firewall on your computer to shutdown any port other than 80 and 443
keep an access for yourself to port 8080 since it's the only way to access the ZMI (Zope Management Interface) that is sometimes useful.

In case you dont know:
If you make a website with https and do not have a certificate, the users will get a message about your site not being safe / certificated. (ok, it can be turned off on each computer, but still… )

So this is probably the first to do. If you use apache you can set it up so it does all the certificate stuff for you. After that, the rest is easy, just open / enabling SSL / https ports.

If it sounds complicated to set up apache, I would consider to install webmin, then you get a UI to install, configure it etc.