How to Redirect HTTP to HTTPS on Apache

HTTP (Hyper Text Transfer Protocol) is a popular as well as the fundamental protocol for data communication on the World Wide Web (WWW); typically between a web browser and the server which stores web files. Whereas HTTPS is the secure version of HTTP, where the ‘S‘ at the end stands for ‘Secure‘.

Using HTTPS, all data between your browser and the web server are encrypted thus secure. This tutorial will show you how to redirect HTTP to HTTPS on Apache HTTP server in Linux.

Before you can set up an Apache HTTP to HTTPS redirect for your domain, make sure you have SSL certificate installed and mod_rewrite is enabled in Apache. For more information on how to setup SSL on Apache, see following guides.

  1. How to Create Self-Signed SSL Certificates and Keys for Apache
  2. How to Install Let’s Encrypt SSL Certificate on CentOS/RHEL 7
  3. How to Install Let’s Encrypt SSL Certificate on Debian/Ubuntu

Redirect HTTP to HTTPS on Apache Using .htaccess File

For this method, make sure mod_rewrite is enabled, otherwise enable it like this on Ubuntu/Debian systems.

$ sudo a2enmod rewrite	[Ubuntu/Debian]

For CentOS/RHEL users, ensure that your have the following line in httpd.conf (mod_rewrite support – enabled by default).

LoadModule rewrite_module modules/mod_rewrite.so

Now you just need to edit or create .htaccess file in your domain root directory and add these lines to redirect http to https.

RewriteEngine On 
RewriteCond %{HTTPS}  !=on 
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] 

Now, when a visitor types http://www.yourdomain.com the server will automatically redirect HTTP to HTTPS https://www.yourdomain.com.

Redirect HTTP to HTTPS on Apache Virtual Host

Additionally, to force all web traffic to use HTTPS, you can also configure your virtual host file. Normally, there are two important sections of a virtual host configurations if an SSL certificate is enabled; the first contains configurations for the non-secure port 80.

The second is for the secure port 443. To redirect HTTP to HTTPS for all the pages of your website, first open the appropriate virtual host file. Then modify it by adding the configuration below.

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.yourdomain.com
   Redirect / https://www.yourdomain.com
</VirtualHost>

<VirtualHost _default_:443>
   ServerName www.yourdomain.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Save and close the file, then restart the HTTP sever like this.

$ sudo systemctl restart apache2     [Ubuntu/Debian]
$ sudo systemctl restart httpd	     [RHEL/CentOS]

While the <VirtualHost> is the most recommended solution because it is simpler and safer.

You may like to read these useful assortment of Apache HTTP server security hardening articles:

  1. 25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites
  2. How to Password Protect Web Directories in Apache Using .htaccess File
  3. How to Hide Apache Version Number and Other Sensitive Info
  4. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive

That’s all! To share any thoughts concerning this guide, make use of the feedback form below. And remember to always stay connected to Tecmint.com.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

8 Responses

  1. Suchetha says:

    I found that when it comes to the Apache configuration, this worked better –

    Redirect / https://example.com/
    

    The IfModule ensures that your site will be live even if you have forgotten to enable SSL (a. this happened to me that may not necessarily be a BAD thing)

    the / at the end of the domain ensures that if you are giving it a full path, it will follow the path.

  2. Troy Strauch says:

    I’m assuming that port 443 would also need to be opened up on your firewall for traffic to get through. Is this correct?

  3. Mike R. says:

    Don’t you have to point to the location of your certificates?

  4. Neil says:

    You are missing the slash after the domain name.

    Redirect / https://www.yourdomain.com/

  5. Brian says:

    I can’t help but think this article could use a bit more detail. Especially when it comes to explaining what is happening in the configuration files. Perhaps comments to explain what each line is acutely doing.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.