Add guide for enabling HTTPS on different platforms

[Sazwanismail]

User description

Added comprehensive guide for enabling HTTPS on various hosting platforms including shared hosting, WordPress, Cloudflare, VPS, and others. Included step-by-step instructions and important post-activation checks. Berikut adalah langkah-langkah tambahan dan lanjutan yang perlu anda lakukan selepas SSL berjaya diaktifkan untuk memastikan laman web www.sazwan.fairbase.com benar-benar selamat, optimum, dan tiada ralat:

1. Selesaikan Masalah "Mixed Content" (Penting) Walaupun SSL sudah aktif, laman web mungkin masih menunjukkan amaran ⚠️ "Not Secure" jika ada gambar, CSS, atau skrip yang masih dimuatkan melalui http://.

• Cara Semak: Buka laman web → Tekan F12 → Klik tab Console. Cari ralat Mixed Content.
• Penyelesaian WordPress: Pasang plugin Better Search Replace. Cari http://www.sazwan.fairbase.com dan gantikan dengan https://www.sazwan.fairbase.com dalam seluruh pangkalan data (backup dahulu!).
• Penyelesaian Manual: Periksa kod tema atau widget yang menggunakan pautan luar (external links) yang tidak menyokong HTTPS.

2. Kemas Kini Google Search Console & Analytics Google menganggap http:// dan https:// sebagai dua entiti berbeza.

• Log masuk ke Google Search Console.
• Tambah properti baharu: https://www.sazwan.fairbase.com.
• Hantar semula Sitemap.xml versi HTTPS.
• Kemas kini tetapan Google Analytics 4 (GA4) supaya URL lalai ditukar kepada HTTPS agar data pelawat tidak terpecah.

3. Aktifkan HSTS (HTTP Strict Transport Security) HSTS memaksa pelayar web untuk sentiasa menggunakan HTTPS dan mengelakkan serangan downgrade.

• Di cPanel: Beberapa hosting menyediakan butang "Enable HSTS" di halaman SSL/TLS Status.
• Melalui .htaccess (Jika tiada di cPanel): Tambah baris ini di bawah kod redirect HTTPS tadi:

  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

  ⚠️ Amaran: Pastikan SSL berfungsi 100% tanpa ralat sebelum mengaktifkan HSTS. Jika SSL mati semasa HSTS aktif, pelawat tidak akan boleh mengakses laman langsung selama tempoh max-age.

4. Semak Sijil Subdomain & Wildcard

Anda menyebut www.sazwan.fairbase.com. Pastikan sijil juga meliputi domain utama tanpa www:

• Di SSL/TLS Status, pastikan kedua-dua sazwan.fairbase.com DAN www.sazwan.fairbase.com mempunyai padlock hijau.
• Jika hanya satu yang hijau, tandakan kedua-duanya dan klik Run AutoSSL semula.

5. Tetapkan Auto-Renewal & Pemantauan

Sijil Let's Encrypt/AutoSSL biasanya sah selama 90 hari.

• Semak Auto-Renewal: Di cPanel → SSL/TLS Status, pastikan domain tersebut TIDAK ditandakan sebagai "Excluded from AutoSSL".
• Uji Renewal Secara Manual: Klik "Run AutoSSL" sebulan sekali untuk memastikan proses pembaharuan berjalan lancar.
• Pemantauan Percuma: Daftar di UptimeRobot atau SSL Mate untuk menerima e-mel amaran 30 hari sebelum sijil tamat tempoh.

6. Uji Gred Keselamatan SSL

Jangan anggap SSL aktif = SSL selamat. Konfigurasi lemah boleh mendapat gred C atau F.

• Layari SSL Labs Test.
• Masukkan www.sazwan.fairbase.com.
• Sasarkan gred A atau A+. Jika dapat B atau lebih rendah, laporan itu akan memberitahu tepat apa yang perlu dibaiki (contoh: TLS 1.0/1.1 perlu dilumpuhkan, cipher lemah, dll).

---

Senarai Semak Ringkas Pasca-Aktivasi

Tugas	Status
Redirect HTTP → HTTPS berfungsi	☐
Tiada Mixed Content di Console	☐
Kedua-dua www & non-www mempunyai SSL	☐
Google Search Console dikemas kini	☐
HSTS diaktifkan (pilihan tetapi disyorkan)	☐
Gred SSL Labs ≥ A	☐

Adakah anda mahu saya bantu dengan mana-mana langkah spesifik di atas? Contohnya, saya boleh berikan arahan terperinci untuk menggantikan pautan Mixed Content dalam WordPress atau konfigurasi HSTS yang selamat untuk server anda. Here is a comprehensive guide to enabling HTTPS across the most common web platforms. Since you previously asked in Malay, this guide is provided in Bahasa Melayu for consistency, covering platforms beyond cPanel.

1. WordPress (Self-Hosted)

Selepas SSL dipasang di server/hosting:

1. Pasang plugin Really Simple SSL atau WP Force SSL.
2. Aktifkan plugin → Klik "Go ahead, activate SSL".
3. Plugin akan menukar URL laman secara automatik dan menyelesaikan mixed content.
4. Manual (tanpa plugin): Pergi ke Tetapan > Umum → Tukar "Alamat WordPress" dan "Alamat Laman" daripada http:// kepada https://.
5. Tambah kod ini dalam wp-config.php untuk memaksa SSL di dashboard: php define('FORCE_SSL_ADMIN', true);

---

2. Blogger / Blogspot

Blogger menyediakan SSL percuma secara terbina dalam:

1. Log masuk ke Blogger Dashboard.
2. Pergi ke Tetapan (Settings) → Bahagian HTTPS.
3. Hidupkan "Kesediaan HTTPS" (HTTPS Availability).
4. Tunggu status bertukar kepada "Sijil sedang diproses" → Kemudian "Aktif".
5. Hidupkan "Pengalihan HTTPS" (HTTPS Redirect) untuk memaksa semua trafik ke HTTPS.
6. ⚠️ Jika status kekal "Tidak Tersedia": Buang semua widget/gambar yang menggunakan http:// luaran, kemudian cuba lagi selepas 24 jam.

---

3. VPS / Server Sendiri (Ubuntu/Debian + Nginx/Apache) Gunakan Certbot (Let's Encrypt) – percuma & auto-renew:

Nginx:

sudo apt update && sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d domain.com -d www.domain.com
# Uji auto-renewal:
sudo certbot renew --dry-run

Apache:

sudo apt update && sudo apt install certbot python3-certbot-apache
sudo certbot --apache -d domain.com -d www.domain.com
sudo certbot renew --dry-run

Docker / Reverse Proxy (Caddy):
Caddy mengaktifkan HTTPS secara automatik tanpa sebarang konfigurasi tambahan:

www.sazwan.fairbase.com {
    reverse_proxy localhost:8080
}

---

4. Cloudflare (CDN / Proxy)

Sesuai jika domain sudah di-proxy melalui Cloudflare:

1. Login ke Cloudflare Dashboard → Pilih domain.
2. Pergi ke SSL/TLS → Overview.
3. Tetapkan mod enkripsi:
   • Full (Strict) ← Disyorkan (server asal mesti ada SSL sah)
   • Full ← Server asal ada SSL tapi self-signed
   • ❌ Flexible ← Elakkan (boleh menyebabkan redirect loop)
4. Pergi ke Edge Certificates → Aktifkan:
   • ✅ Always Use HTTPS
   • ✅ Automatic HTTPS Rewrites
   • ✅ HSTS (pilihan, selepas yakin SSL stabil)

---

5. Platform E-Commerce & Website Builder

Platform	Cara Aktifkan HTTPS	Nota Penting
Shopify	Automatik. Pergi ke Online Store > Domains → Klik "Activate SSL".	Ambil masa 48 jam selepas domain disambungkan.

---

6. Localhost / Development Environment

Untuk tujuan pembangunan sahaja, bukan produksi:

# Menggunakan mkcert (disyorkan – dipercayai oleh pelayar tempatan)
brew install mkcert        # macOS
mkcert -install
mkcert localhost 127.0.0.1 ::1

# Atau menggunakan Caddy (auto-SSL untuk localhost)
caddy file-server --listen :443

---

⚠️ Senarai Semak Universal (Semua Platform)

Tidak kira platform apa pun, sentiasa lakukan perkara ini selepas mengaktifkan HTTPS:

1. ✅ Uji redirect: Taip http://domain.com → Mesti bertukar ke https://
2. ✅ Semak Mixed Content: F12 → Console → Tiada amaran kuning/merah
3. ✅ Verifikasi sijil: Klik 🔒 di address bar → Sijil sah & belum tamat tempoh
4. ✅ Uji gred keselamatan: ssllabs.com/ssltest → Sasarkan A atau A+
5. ✅ Kemas kini Search Console: Tambah properti HTTPS baharu + hantar sitemap semula

💡 Petua: Jika anda memberitahu saya platform spesifik yang anda gunakan, saya boleh berikan arahan yang lebih terperinci dan tepat untuk situasi anda.

---

CodeAnt-AI Description

Add a guide for enabling HTTPS across common hosting platforms

What Changed

• Adds step-by-step instructions for turning on HTTPS on shared hosting, WordPress, Cloudflare, VPS, and popular hosted platforms
• Explains what to do after SSL is active, including forcing HTTP to HTTPS, fixing mixed content, updating search tools, and checking certificate validity
• Includes a cPanel-focused walkthrough for activating free SSL and verifying that the site opens with a secure lock icon

Impact

✅ Easier HTTPS setup
✅ Fewer insecure site warnings
✅ Clearer post-SSL setup checks

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[changeset-bot]

⚠️ No Changeset found

Latest commit: cc0565e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codeant-ai]

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[gemini-code-assist]

Code Review

This pull request adds a guide on enabling HTTPS (SSL) across different hosting platforms. Feedback includes renaming the file to include a proper .md extension, cleaning up duplicate concatenated drafts and conversational filler within the document, and ensuring that package installation commands are preceded by a package index update.

Important

The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.