How to Redirect HTTP to HTTPS on Apache

HTTP (Hyper Text Transfer Protocol) is a popular as well as the fundamental protocol for data communication on the World Wide Web (WWW); typically between a web browser and the server which stores web files. Whereas HTTPS is the secure version of HTTP, where the ‘S‘ at the end stands for ‘Secure‘.

Using HTTPS, all data between your browser and the web server are encrypted thus secure. This tutorial will show you how to redirect HTTP to HTTPS on Apache HTTP server in Linux.

Before you can set up an Apache HTTP to HTTPS redirect for your domain, make sure you have SSL certificate installed and mod_rewrite is enabled in Apache. For more information on how to setup SSL on Apache, see following guides.

  1. How to Create Self-Signed SSL Certificates and Keys for Apache
  2. How to Install Let’s Encrypt SSL Certificate on CentOS/RHEL 7
  3. How to Install Let’s Encrypt SSL Certificate on Debian/Ubuntu

Redirect HTTP to HTTPS on Apache Using .htaccess File

For this method, make sure mod_rewrite is enabled, otherwise enable it like this on Ubuntu/Debian systems.

$ sudo a2enmod rewrite	[Ubuntu/Debian]

For CentOS/RHEL users, ensure that your have the following line in httpd.conf (mod_rewrite support – enabled by default).

LoadModule rewrite_module modules/mod_rewrite.so

Now you just need to edit or create .htaccess file in your domain root directory and add these lines to redirect http to https.

RewriteEngine On 
RewriteCond %{HTTPS}  !=on 
RewriteRule ^/?(.*) https://%{SERVER_NAME}/\ [R,L] 

Now, when a visitor types http://www.yourdomain.com the server will automatically redirect HTTP to HTTPS https://www.yourdomain.com.

Redirect HTTP to HTTPS on Apache Virtual Host

Additionally, to force all web traffic to use HTTPS, you can also configure your virtual host file. Normally, there are two important sections of a virtual host configurations if an SSL certificate is enabled; the first contains configurations for the non-secure port 80.

The second is for the secure port 443. To redirect HTTP to HTTPS for all the pages of your website, first open the appropriate virtual host file. Then modify it by adding the configuration below.

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.yourdomain.com
   Redirect / https://www.yourdomain.com
</VirtualHost>

<VirtualHost _default_:443>
   ServerName www.yourdomain.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Save and close the file, then restart the HTTP sever like this.

$ sudo systemctl restart apache2     [Ubuntu/Debian]
$ sudo systemctl restart httpd	     [RHEL/CentOS]

While the <VirtualHost> is the most recommended solution because it is simpler and safer.

You may like to read these useful assortment of Apache HTTP server security hardening articles:

  1. 25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites
  2. How to Password Protect Web Directories in Apache Using .htaccess File
  3. How to Hide Apache Version Number and Other Sensitive Info
  4. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive

That’s all! To share any thoughts concerning this guide, make use of the feedback form below. And remember to always stay connected to Tecmint.com.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

14 Comments

Leave a Reply
  1. Also, if you using LetsEncrypt certification, add this before redirect rule:

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^\.well-known/.+ - [END]
    
    Reply
  2. Thank you for the info. This helped me set up HTTP to HTTPS redirects in OS X 10.14 Mojave. Apple has moved away from its own implementation with OSX 10.14 Mojave, and OSX 10.15 Catalina, so you have to install open-source Apache to get web services working. I had experience deploying Apache in Linux, but not familiar with the steps that were required to get it working on an OSX platform.

    Here is what you need to do for OSX 10.14 Mojave:

    1) Enable Apache on OSX:

    # sudo -s
    # cd /private/etc/apache2
    # cp ./httpd.conf ./httpd.conf.bak
    # apachectl start
    

    2) Modify /private/etc/apache2/httpd.conf file:

    ## Uncomment the following lines:
    LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
    LoadModule ssl_module lib/httpd/modules/mod_ssl.so
    LoadModule alias_module libexec/apache2/mod_alias.so
    Include /private/etc/apache2/extra/httpd-ssl.conf
    Includ /private/etc/apache2/extra/httpd-vhosts.conf
    ##Change the following lines to the folder path where the web files are located:
    DocumentRoot "/Library/WebServer/Documents/xxxx"
    

    3) Modify /private/etc/apache2/httpd-ssl.conf file:

    # cp ./httpd-ssl.conf ./httpd-ssl.conf.bak
    

    Add following:

    Listen 443
    SSLEngine on
    
    ##Change the following lines to the folder path where the SSL certificate and key are located:
    SSLCertificateFile "/private/etc/apache2/server.crt"
    SSLCertificateKeyFiel "/private/etc/apache2/server.key"
    

    4) Modify /private/etc/apache2/httpd-vhosts.conf file.

    # cp ./httpd-vhost.conf ./httpd-vhost.conf.bak
    

    Add following:

    <VirtualHost *:80>
      ServerName Server.domainname.com
      Redirect permanent / https://server.domainname.com
    </VirtualHost>
    <VirtualHost *:443>
      ServerAdmin [email protected]
      DocumentRoot "/Library/WebServer/Document/xxxx"
      ServerName server.domainname.com
      SSLcertificateFile "/private/etc/apache2/server.crt
      SSLCertificateKeyFile "/private/etc/apache2/server.key"
      ErrorLog /private/var/log/apache2/server-error_log
      CustomLog /private/vart/log/apache2/server-access_log common
    </VirtualHost>
    

    5) Test the Apache configuration for errors after restarting Apache.

    # apachectl configtest
    httpd -v (Apache Version)
    

    6) Restart apache.

    # apachectl start / stop / restart
    
    Reply
    • Correction to step 2)

      Modify /private/etc/apache2/httpd.conf file:

      ##Change the following lines to the folder path where the web files are located:

      DocumentRoot "/Library/WebServer/Documents/xxxx"
      Directory "/Library/WebServer/Documents/xxxxx"
      
      Reply
  3. I found that when it comes to the Apache configuration, this worked better –

    Redirect / https://example.com/
    

    The IfModule ensures that your site will be live even if you have forgotten to enable SSL (a. this happened to me that may not necessarily be a BAD thing)

    the / at the end of the domain ensures that if you are giving it a full path, it will follow the path.

    Reply
  4. I can’t help but think this article could use a bit more detail. Especially when it comes to explaining what is happening in the configuration files. Perhaps comments to explain what each line is acutely doing.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.