How to Redirect HTTP to HTTPS on Apache

HTTP (Hyper Text Transfer Protocol) is a popular as well as the fundamental protocol for data communication on the World Wide Web (WWW); typically between a web browser and the server which stores web files. Whereas HTTPS is the secure version of HTTP, where the ‘S‘ at the end stands for ‘Secure‘.

Using HTTPS, all data between your browser and the web server are encrypted thus secure. This tutorial will show you how to redirect HTTP to HTTPS on Apache HTTP server in Linux.

Before you can set up an Apache HTTP to HTTPS redirect for your domain, make sure you have SSL certificate installed and mod_rewrite is enabled in Apache. For more information on how to setup SSL on Apache, see following guides.

  1. How to Create Self-Signed SSL Certificates and Keys for Apache
  2. How to Install Let’s Encrypt SSL Certificate on CentOS/RHEL 7
  3. How to Install Let’s Encrypt SSL Certificate on Debian/Ubuntu

Redirect HTTP to HTTPS on Apache Using .htaccess File

For this method, make sure mod_rewrite is enabled, otherwise enable it like this on Ubuntu/Debian systems.

$ sudo a2enmod rewrite	[Ubuntu/Debian]

For CentOS/RHEL users, ensure that your have the following line in httpd.conf (mod_rewrite support – enabled by default).

LoadModule rewrite_module modules/mod_rewrite.so

Now you just need to edit or create .htaccess file in your domain root directory and add these lines to redirect http to https.

RewriteEngine On 
RewriteCond %{HTTPS}  !=on 
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] 

Now, when a visitor types http://www.yourdomain.com the server will automatically redirect HTTP to HTTPS https://www.yourdomain.com.

Redirect HTTP to HTTPS on Apache Virtual Host

Additionally, to force all web traffic to use HTTPS, you can also configure your virtual host file. Normally, there are two important sections of a virtual host configurations if an SSL certificate is enabled; the first contains configurations for the non-secure port 80.

The second is for the secure port 443. To redirect HTTP to HTTPS for all the pages of your website, first open the appropriate virtual host file. Then modify it by adding the configuration below.

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName www.yourdomain.com
   Redirect / https://www.yourdomain.com
</VirtualHost>

<VirtualHost _default_:443>
   ServerName www.yourdomain.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Save and close the file, then restart the HTTP sever like this.

$ sudo systemctl restart apache2     [Ubuntu/Debian]
$ sudo systemctl restart httpd	     [RHEL/CentOS]

While the <VirtualHost> is the most recommended solution because it is simpler and safer.

You may like to read these useful assortment of Apache HTTP server security hardening articles:

  1. 25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites
  2. How to Password Protect Web Directories in Apache Using .htaccess File
  3. How to Hide Apache Version Number and Other Sensitive Info
  4. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive

That’s all! To share any thoughts concerning this guide, make use of the feedback form below. And remember to always stay connected to Tecmint.com.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

13 thoughts on “How to Redirect HTTP to HTTPS on Apache”

  1. Also, if you using LetsEncrypt certification, add this before redirect rule:

    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^\.well-known/.+ - [END]
    
    Reply
  2. Thank you for the info. This helped me set up HTTP to HTTPS redirects in OS X 10.14 Mojave. Apple has moved away from its own implementation with OSX 10.14 Mojave, and OSX 10.15 Catalina, so you have to install open-source Apache to get web services working. I had experience deploying Apache in Linux, but not familiar with the steps that were required to get it working on an OSX platform.

    Here is what you need to do for OSX 10.14 Mojave:

    1) Enable Apache on OSX:

    # sudo -s
    # cd /private/etc/apache2
    # cp ./httpd.conf ./httpd.conf.bak
    # apachectl start
    

    2) Modify /private/etc/apache2/httpd.conf file:

    ## Uncomment the following lines:
    LoadModule socache_shmcb_module lib/httpd/modules/mod_socache_shmcb.so
    LoadModule ssl_module lib/httpd/modules/mod_ssl.so
    LoadModule alias_module libexec/apache2/mod_alias.so
    Include /private/etc/apache2/extra/httpd-ssl.conf
    Includ /private/etc/apache2/extra/httpd-vhosts.conf
    ##Change the following lines to the folder path where the web files are located:
    DocumentRoot "/Library/WebServer/Documents/xxxx"
    

    3) Modify /private/etc/apache2/httpd-ssl.conf file:

    # cp ./httpd-ssl.conf ./httpd-ssl.conf.bak
    

    Add following:

    Listen 443
    SSLEngine on
    
    ##Change the following lines to the folder path where the SSL certificate and key are located:
    SSLCertificateFile "/private/etc/apache2/server.crt"
    SSLCertificateKeyFiel "/private/etc/apache2/server.key"
    

    4) Modify /private/etc/apache2/httpd-vhosts.conf file.

    # cp ./httpd-vhost.conf ./httpd-vhost.conf.bak
    

    Add following:

    <VirtualHost *:80>
      ServerName Server.domainname.com
      Redirect permanent / https://server.domainname.com
    </VirtualHost>
    <VirtualHost *:443>
      ServerAdmin [email protected]
      DocumentRoot "/Library/WebServer/Document/xxxx"
      ServerName server.domainname.com
      SSLcertificateFile "/private/etc/apache2/server.crt
      SSLCertificateKeyFile "/private/etc/apache2/server.key"
      ErrorLog /private/var/log/apache2/server-error_log
      CustomLog /private/vart/log/apache2/server-access_log common
    </VirtualHost>
    

    5) Test the Apache configuration for errors after restarting Apache.

    # apachectl configtest
    httpd -v (Apache Version)
    

    6) Restart apache.

    # apachectl start / stop / restart
    
    Reply
    • Correction to step 2)

      Modify /private/etc/apache2/httpd.conf file:

      ##Change the following lines to the folder path where the web files are located:

      DocumentRoot "/Library/WebServer/Documents/xxxx"
      Directory "/Library/WebServer/Documents/xxxxx"
      
      Reply
  3. I found that when it comes to the Apache configuration, this worked better –

    Redirect / https://example.com/
    

    The IfModule ensures that your site will be live even if you have forgotten to enable SSL (a. this happened to me that may not necessarily be a BAD thing)

    the / at the end of the domain ensures that if you are giving it a full path, it will follow the path.

    Reply
  4. I can’t help but think this article could use a bit more detail. Especially when it comes to explaining what is happening in the configuration files. Perhaps comments to explain what each line is acutely doing.

    Reply

Leave a Reply to Brian Cancel reply

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.