TinkerTry's .htaccess file for no www, no trailing slashes, and all https

Posted by Paul Braren on Jun 27 2015 in
  • Network
  • Security
  • WebDesign
  • I make no claims to be an expert in .htaccess syntax. Back on March 22, 2015, I quietly:

    • changed from http to https (and dropped the www and trailing slashes)
    • changed from WordPress CMS to Kirby Flat-File CMS
    • changed web hosting providers for TinkerTry.com

    This article focuses is on that first bullet, and what that change meant for my 4 year old .htaccess file that was full of cruft. Time for a fresh start.

    CloudwaysApplication

    To prepare, I reached out to Cloudways for help, my new web hosting provider. They run my Debian/Apache/NGINX/PHP instance on DigitalOcean SSDs, and helped me get just the right syntax that has the fewest redirects. Any mistakes in .htaccess can completely break an entire site instantly, so messing with any line of it is not something to be taken lightly. This sort of surgery is best left for periods of light traffic, and a rapid roll-back plan..

    Ultimately, it was Azfar's help that made all the difference, support hero over at Cloudways. He helped customize the implementation based on the article What can I do with .htaccess file? in the Cloudways Support Center - Tips & Tricks department.

    My unique constraints were a bit unusual. You see, I was changing my URL anyway. So why not go through 3 changes at once? You know, rip the bandage off quickly. Little did I know how little I would find, when I set out to Googling for anybody who had done the exact same thing. Silly me, that makes me want to do it even more. I enjoy a challenge, but don't particularly enjoy coding.

    So with persistence and a bit of trial-and-error, coupled with me doing a LOT of testing to ensure all was well with my visitors, together, we prevailed. Successfully moved from:

    http://www.tinkertry.com/
    over to
    https://tinkertry.com

    This article is not about all the HOW and the WHY you move from http to https, nor is it about the inevitable cleanup needed after such major changes, such as handling browser mixed-content warnings through coding changes by your web developer, or handling changes to your CDN for https images, ideally parallelized for SPDY now and HTTP/2 soon. I also won't be getting into the bad things that can happen with Disqus and social sharing buttons, DNS changes, or WordPress base URL changes. All way out of scope.

    This article is about others interested in learning from my exact scenario, and the .htaccess code that helped me avoid dreaded 404 errors, when I went and did the 3 changes to my URL structure that I'd been thinking about doing for years:

    1. remove the leading www (looks old-school, not required for CDN anymore)
    2. remove the trailing slash (might not be a great idea, more below), but gizmodo.com does it
    3. change from http to https

    Sounds simple, right? It wasn't. The key is that many articles at stackoverflow and GitHub and the like would tell me how to handle one or two of these URL redirects, but not how to do all three. When combined, bad things would happen, just the nature of RewriteRules.

    That's exactly why I happily share with you my solution, running successfully on this site since April 8, 2015, perhaps helping others avoid the consternation I went through.

    Note that I'm not using WordPress, thus, I'm not using plugins like W3 Total Cache which modify .htaccess, so this article may or may not pertain to your situation. I would strongly suggest you make a copy of your existing .htaccess file before considering testing this on a non-production staging site, gaining confidence that it works. Then save a backup of the new one too, just in case something breaks it later on (plug-ins, web hosting support staff, etc.).

    Here's the top, relevant portion of TinkerTry's .htaccess file

    Use this at your own risk, if you know what you are doing, I cannot be your free support plan. Please change all of the "tinkertry.com" instances to your site's URL before attempting to use this as the new first section of your .htaccess file!

    You may use this code for whatever you wish, I only ask that attribution via a link to this original article be included:
    https://tinkertry.com/htaccess-for-no-www-no-trailing-slashes-all-https

    #### This redirect method handles all browsers properly including IE, avoids redirect requests for /robots.txt
    #### Published at TinkerTry.com by Paul Braren
    #### BEGIN remove trailing slash, remove www, change http to https - by Azfar of Cloudways on Apr 08 2015
    RewriteEngine On
    ## (1) remove trailing slash
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{THE_REQUEST} \s(.+?)/+[?\s]
    RewriteRule ^(.*)/$ https://tinkertry.com/$1 [R=301,L]
    ## (2) remove www
    RewriteCond %{HTTP_HOST} ^www\.
    RewriteRule ^(.*)$ https://tinkertry.com/$1 [L,R=301]
    ## (3) change http to https
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule ^(.*)$ https://tinkertry.com/$1 [L,R=301]
    #### END
    

    Test your browsers afterward

    I ran test scripts against the live site, ensuring all visitor's browsers worked without fail, especially important if you also implement HSTS (HTTP Strict Transport Security). I used private/incognito mode to try to caching effects, and HSTS related 307 internal redirects.

    Why is this important? If people are on other sites, but find a link to an article you wrote long ago, with the old URL structure, you sure don't want them to get a 404 error when they click that link. You also want the article to come up fast. Avoiding a 301 redirect chain or multiple redirects where possible, to help with speed.

    Here's the contents of my tinkertryurltest.cmd file, tested on Windows 8.1, and works well. It will need a manual search and replace to change the site name. If you're looking ahead to Windows 10 already, you'll also want to add a new section to handle the upcoming Microsoft Edge Browser (currently still called spartan.exe in the previews).

    ::by Paul Braren at TinkerTry.com
    start iexplore.exe -private http://www.tinkertry.com/
    timeout /t 2
    start iexplore.exe -private http://www.tinkertry.com
    timeout /t 2
    start iexplore.exe -private https://www.tinkertry.com/
    timeout /t 2
    start iexplore.exe -private https://www.tinkertry.com
    timeout /t 2
    start iexplore.exe -private http://tinkertry.com/
    timeout /t 2
    start iexplore.exe -private http://tinkertry.com
    timeout /t 2
    start iexplore.exe -private https://tinkertry.com/
    timeout /t 2
    start iexplore.exe -private https://tinkertry.com
    timeout /t 2
    start iexplore.exe -private http://www.tinkertry.com/download-windows-10/
    timeout /t 2
    start iexplore.exe -private http://www.tinkertry.com/download-windows-10
    timeout /t 2
    start iexplore.exe -private https://www.tinkertry.com/download-windows-10/
    timeout /t 2
    start iexplore.exe -private https://www.tinkertry.com/download-windows-10
    timeout /t 2
    start iexplore.exe -private http://tinkertry.com/download-windows-10/
    timeout /t 2
    start iexplore.exe -private http://tinkertry.com/download-windows-10
    timeout /t 2
    start iexplore.exe -private https://tinkertry.com/download-windows-10/
    timeout /t 2
    start iexplore.exe -private https://tinkertry.com/download-windows-10
    timeout /t 2
    start chrome.exe -incognito http://www.tinkertry.com/
    timeout /t 2
    start chrome.exe -incognito http://www.tinkertry.com
    timeout /t 2
    start chrome.exe -incognito https://www.tinkertry.com/
    timeout /t 2
    start chrome.exe -incognito https://www.tinkertry.com
    timeout /t 2
    start chrome.exe -incognito http://tinkertry.com/
    timeout /t 2
    start chrome.exe -incognito http://tinkertry.com
    timeout /t 2
    start chrome.exe -incognito https://tinkertry.com/
    timeout /t 2
    start chrome.exe -incognito https://tinkertry.com
    timeout /t 2
    start chrome.exe -incognito http://www.tinkertry.com/download-windows-10/
    timeout /t 2
    start chrome.exe -incognito http://www.tinkertry.com/download-windows-10
    timeout /t 2
    start chrome.exe -incognito https://www.tinkertry.com/download-windows-10/
    timeout /t 2
    start chrome.exe -incognito https://www.tinkertry.com/download-windows-10
    timeout /t 2
    start chrome.exe -incognito http://tinkertry.com/download-windows-10/
    timeout /t 2
    start chrome.exe -incognito http://tinkertry.com/download-windows-10
    timeout /t 2
    start chrome.exe -incognito https://tinkertry.com/download-windows-10/
    timeout /t 2
    start chrome.exe -incognito https://tinkertry.com/download-windows-10
    timeout /t 2
    start firefox.exe -private-window http://www.tinkertry.com/
    timeout /t 2
    start firefox.exe -private-window http://www.tinkertry.com
    timeout /t 2
    start firefox.exe -private-window https://www.tinkertry.com/
    timeout /t 2
    start firefox.exe -private-window https://www.tinkertry.com
    timeout /t 2
    start firefox.exe -private-window http://tinkertry.com/
    timeout /t 2
    start firefox.exe -private-window http://tinkertry.com
    timeout /t 2
    start firefox.exe -private-window https://tinkertry.com/
    timeout /t 2
    start firefox.exe -private-window https://tinkertry.com
    timeout /t 2
    start firefox.exe -private-window http://www.tinkertry.com/download-windows-10/
    timeout /t 2
    start firefox.exe -private-window http://www.tinkertry.com/download-windows-10
    timeout /t 2
    start firefox.exe -private-window https://www.tinkertry.com/download-windows-10/
    timeout /t 2
    start firefox.exe -private-window https://www.tinkertry.com/download-windows-10
    timeout /t 2
    start firefox.exe -private-window http://tinkertry.com/download-windows-10/
    timeout /t 2
    start firefox.exe -private-window http://tinkertry.com/download-windows-10
    timeout /t 2
    start firefox.exe -private-window https://tinkertry.com/download-windows-10/
    timeout /t 2
    start firefox.exe -private-window https://tinkertry.com/download-windows-10
    

    I make no claim this is article is perfect. That's why I post it publicly, to learn from those with far more expertise than I, who are also willing to leave constructive feedback. I'm merely sharing what works for TinkerTry, freely, on a best-effort basis.

    Please refrain from running this script unmodified against tinkertry.com. Instead, first replace tinkertry.com with your URL, before running it against your site.

    If you do some manual curl testing and find flaws, or have a way to get this SAME set of 3 URL tweaks done with even fewer redirects (and even less CPU load), by all means, drop a comment below and let us all know, no login required!

    See also


    JUN 27 2015 7:10pm Update

    In response to this article, a good point on Twitter by Jackson:

    @paulbraren Nice article on htaccess. Could be a performance hit though since Apache checks it on every HTTP request. Can work though!

    See also Speed up Apache by including htaccess files into httpd.conf

    Managed hosting like Cloudways has the benefit of somebody else dealing with the server configuration issues, including NGINX changes. While Cloudways support is responsive and generally handled requests rather quickly, it's still a challenge to coordinate every little tweak, versus being able to edit my own .htaccess at will with instant results or rollback.

    That said, Cloudways and I did try going down that road, editing config files on the web server side, and we had issues getting it all to work properly.

    The CPU is experiencing very little load handling 130,000 page views per month, using CDN for images, and kirby caching for static content. Page load speeds are also consistent, at least 2x faster than WordPress, with many visitors enjoying sub second page loads for the first time ever. All on a mere $15/month hosting plan that costs less than 1/2 of what I paid before. So gave up worrying about redirects for a bit, to focus on writing about my usual topics again.

    I'm am always open to suggestions, particularly specific code snippets to try, as I get ready to move to Cloudways integrated CDN, then, once Cloudways supports it, HTTP/2, to fully parallelize image loads for even faster page load times.