This might sound like a stupid question to some, but I've only just noticed it while trying to implement an SSL certificate to my site.
There's a default value in the 'out of the box' .htaccess file:
# Rewrite "www.example.com -> example.com"
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
Am I right in thinking this code forces the removal of the www. part of the canonical links on my website?
If so - is this really best practice? Is that why the base_url example in the Config/App.php is http://example.com?
Secondly, as I mentioned, I'm trying to add this code to the .htaccess file to implement the SSL certificate and force https for every URL - but it's causing an error if I use www. (whereas it didn't cause an error before) and my speed tests are indicating redirects galore which is slowing everything down:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Is anyone able to point me in the right direction with the correct canonical link structure for the base_url in the Config/App.php file, whether I need to alter (or scrap) the first snippet of code, and how I can force https to work with my SSL certificate (and www. in my URLs).
I would much rather my URLs had the structure of https://www.example.com as opposed to https://example.com
Am I right in thinking this code forces the removal of the
www.
Yes, but only for HTTP (not HTTPS) requests, as governed by the first condition %{HTTPS} !=on.
If you are implementing HTTPS then you should remove the first condition and change the RewriteRule substitution string to redirect to https://.... But if you are wanting to redirect to www then you'll need to reverse the logic also:
# Redirect "example.com -> www.example.com"
# (In fact, redirect hostname that does not start "www.")
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Although, this particular method (as I've implied in the comment) will not necessarily work if you have other subdomains, unless you want all subdomains to have www sub-subdomains?!
Note that this is an external "redirect", not an internal "rewrite" as you'd stated in the comment.
If so - is this really best practice?
In terms of SEO or from a technical perspective? In terms of SEO there is no difference. Using a www subdomain can arguably have some technical benefits (isolating cookies and staging sites, etc.) - although this is mostly a matter of opinion and depends on your environment. It is really up to you. For some domain names, using a www subdomain just looks cumbersome.
But what is important is that you choose one or the other and redirect to the canonical URL in order to avoid potential duplicate content issues.
Using the domain apex (ie. no www subdomain) is simply CodeIgniters default.
force https for every URL - but it's causing an error if I use
www.
To clarify, the SSL cert you implement must include both the domain apex, ie. exmaple.com and the www subdomain, ie. www.example.com. Otherwise, you will naturally get browser security warnings when requesting the "other" (non-SSL) hostname.
RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This code is generally OK to force HTTP to HTTPS (providing the SSL cert is installed on your application server, ie. you're not using a front-end SSL proxy or non-standard implementation). However, the order you put this rule in relation to the rule above will depend on whether you intend to implement HSTS or not.
If you are intending to implement HSTS then you will need to redirect to HTTPS on the same host first, before the redirect to www. This will result in an unavoidable double redirect when requesting the non-canonical http://example.com/ (but that is not "bad").
For example:
# 1. Redirect to HTTPS on the same host
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# 2. Redirect to non-www to www
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
If, however, you are not intending to implement HSTS then you can reverse the two rules above and get at most one redirect for any non-canonical URL request.
You need to update the CodeIgniter base_url to match your preference of www or not.