This site is set up on IBM Cloud and built using Jekyll. The previous posts in the Journey to Jekyll with IBM Cloud/ Bluemix have covered bits about getting started. In the previous post in this series, we saw how to secure the site using an SSL certificate from ZeroSSL.

One of the things that we missed at that time was that the site could now be accessed using HTTP and HTTPS – we had added HTTPS but not really removed HTTP. In this post, we see how you solve that by adding the environment variable FORCE_HTTPS and setting it to true in the IBM Cloud Console for your application’s runtime.

Remember that we are using the Staticfile Buildpack and deploy the site to IBM Cloud after preparing it with Jekyll. The steps here are only required to be done in the IBM Cloud Console.

Step-by-Step

These are the steps:

1. Log in to the IBM Cloud Console and go to the apps page that shows the resources
2. Click on your application (it should be under ‘Cloud Foundry Apps’) on that page so that you go to the dedicated page for your app
3. In the menu on the left, click on the ‘Runtime’ item
   
4. On the top of the panel that comes up, click on ‘Environment variables’
5. In the section titles ‘User defined variables’ click on ‘Add’ and add a varaible called FORCE_HTTPS with the value true
   
6. Click on Save
7. Restart the runtime by clicking on Actions (top right) and ‘Restart’
   

Once the restart is completed, you should find that even if you go to an HTTP URL on the website, it will automatically redirect you to the HTTPS page.

Notes:

1. I tried to add force_https: true to the Staticfile file which is supposed to help with the configuration but that did not take effect as we needed it to. Adding it to the Environment Variable did work.
2. Documentation about the Staticfile Buildpack configuration explains this and other variables.
3. The documentation about FORCE_HTTPS has this warning: Do not enable FORCE_HTTPS if you have a proxy server or load balancer loops, for example, if you use Flexible SSL with CloudFlare.