Force https:// and www. with virtual host apache2
Solution 1
This worked for me, you can test it on my domain if you like.
<VirtualHost *:80>
ServerName freesoftwareservers.com
ServerAlias *.freesoftwareservers.com
Redirect / https://www.freesoftwareservers.com/
</VirtualHost>
<VirtualHost *:443>
ServerName freesoftwareservers.com
ServerAlias *.freesoftwareservers.com
I had issues re-implementing this, and found that if I deleted 000-default.conf symlink from /sites-enabled it worked. Not sure whats the deal, but I have 0 other DNS records on the DNS side and my Apache does all the redirecting and it works.
Solution 2
You need three redirects to do what you want:
http://example.com
to https://www.example.com
http://www.example.com
to https://www.example.com
https://example.com
to https://www.example.com
The first two are from port 80 plain HTTP so you have a VirtualHost for them. You can make a VirtualHost section apply to more than one hostname (www.example.com and example.com) by having a ServerAlias section:
# Redirect http://example.com and http://www.example.com to main site
<VirtualHost *:80>
ServerName www.example.com
ServerAlias example.com
Redirect / https://www.example.com/
</VirtualHost >
Then, you need a VirtualHost for your https://example.com only. HTTPS uses port 443:
# Redirect https://example.com to main site
<VirtualHost *:443>
ServerName example.com
Redirect / https://www.example.com/
</VirtualHost >
Note: you'll need to set up your SSL settings there too, with a certificate that supports BOTH the domain with and without the "www.". Setting up your SSL settings is outside the scope of this question. (Added info: these can be two separate certificates if you like; it's becoming more common to have lots of separate certs now we have things like Let's Encrypt and SNI)
If you don't have an SSL certificate that supports your domain without the "www." then you won't be able to do the redirect from https://example.com
. The redirect will only happen after the browser checks the certificate. The user would be presented with a mismatched certificate error.
Then, finally, you need your VirtualHost section for the "valid" site: HTTPS (port 443) on www.example.com:
# Main site
<VirtualHost *:443>
ServerName www.example.com
# Put all your configuration for this site here
</VirtualHost >
Once you have tested your redirects and you're happy they are working, you can make them permanent by specifying the 301 status in the redirect (change Redirect / https://www.example.com/
to Redirect 301 / https://www.example.com/
everywhere), and by enabling HSTS which forces users' browsers to remember the preference for HTTPS.
Solution 3
To add to thomasrutter's answer, I still had a problem when I was doing what he suggested. Sometimes you may need to add in the SSL info to the https://example.com virtual host. For instance when you're using SNI to allow multiple ssl certificates per ipaddress.
With out it you may get the ssl_error_rx_record_too_long error, since the server will be returning plain text to the https request.
# Redirect https://example.com to main site
<VirtualHost *:443>
ServerName example.com
Redirect / https://www.example.com/
#for Apache Old Style (Valid on Apache <= 2.4.8) - just add in whats needed for your version
SSLEngine on
SSLCertificateFile "your certificate file.crt"
SSLCertificateKeyFile "your key file.key"
SSLCertificateChainFile "your chain file.crt"
</VirtualHost >
Related videos on Youtube
Comments
-
Edward over 1 year
I've been looking everywhere for a solution to be able to force https ://www in front of all my URL's using virtual host. This is what I currently have in my 000-default.conf file:
<VirtualHost *:80> ServerName www.domain.com Redirect / https://www.domain.com/ </VirtualHost >
That means all www. would redirect to https ://www.
Now I'm missing the code to redirect all/any other forms of URL to https://www. using the same concept (not RewriteEngine because Apache suggests not to use RewriteEngine on simple redirects).
For example:
- http ://domain.com
- http ://www.domain.com
- https ://domain.com
they would all go to => https://www.domain.com
If someone can point me in the right direction, that would be great!
-
FreeSoftwareServers almost 9 yearsGood job not using mod_rewrite, Quote from Apache Doc "mod_rewrite should be considered a last resort, when other alternatives are found wanting. Using it when there are simpler alternatives leads to configurations which are confusing, fragile, and hard to maintain. Understanding what other alternatives are available is a very important step towards mod_rewrite mastery."
-
FreeSoftwareServers almost 9 years"The most common situation in which mod_rewrite is the right tool is when the very best solution requires access to the server configuration files, and you don't have that access."
-
Edward almost 9 yearsNot sure if it's just me but https:// domain.com is not redirecting to https:// www.domain.com.
-
FreeSoftwareServers almost 9 yearson my website? or yours?
-
FreeSoftwareServers almost 9 yearsmake sure to try from an outside source, like your cell on 4G not from inside LAN. as this is always best way to test access for apache-configs, if that works, the issue lies in DNS or cache probably
-
Edward almost 9 yearsOn my site and nope, I tried it with my phone and it doesn't work either.
-
Edward almost 9 yearsYes, I did but it's not working. Seems a little bit odd...
-
FreeSoftwareServers almost 9 yearssudo service apache2 restart -- just checking lol, if not maybe give it some time? But mine worked right away.
-
Edward almost 9 yearsYes I did that as well... wow this is weird haha
-
FreeSoftwareServers almost 9 yearsBTW Im not editing the default conf, im editing a /etc/apache2/sites-available/freesoftwareservers.conf && sudo a2ensite freesoftwareservers.conf && sudo service apache2 restart -- I have redirects inside each virtual host, and all my hosts are virtual, there is no "main" host, as i find that confusing. But that can lead to SSL issues ive had with sites trying to use my first Virtual Host SSL, still debugging that issue.
-
Edward almost 9 yearsOkay, I just put it in my /sites-available/000-default.conf file. That should work, not sure though.
-
thomasrutter almost 9 yearsThis configuration doesn't redirect
https://example.com
tohttps://www.example.com
, it just has both of them serve the site. -
FreeSoftwareServers almost 9 yearsI can confirm that this worked for me as well, but I am curious why my previous answer worked for me as well? Could it have to do with my CNAME?
-
FreeSoftwareServers almost 9 yearsAlso can you share a link on why I would want to use 301 and how to implement HSTS, although I have noticed that without 301 and HSTS, when I try to access my site via an incorrect configuration Chrome will say this site usually uses HSTS and you can not proceed, but I can bypass that screen in Firefox. Ive never configured past my examples below tbh
-
thomasrutter almost 9 years301 means permanent redirect. Benefits include: search engines record the destination as the new home of the content, users' browsers remember the redirect for next time, etc. HSTS tells browser to use HTTPS only next time, it's good for security as it helps prevent downgrade attacks if you've visited the site before. If you need help setting those up, please do ask a new question.
-
Amit Bera over 7 yearsah.. you give me.. some relex
-
Sam over 7 years@thomasrutter you've made my day !!!! I've been searching for a few days why my non-www to www redirection over HTTPS was taking more time than over HTTP. In fact I had misconfigured it. I forgot to add the SSL settings in the redirection vhost too ! Thanks !
-
Thomas Ward about 7 yearsYou should always define the SSL parameters and arguments for the non-www virtual host block, because of the way that SSL operates; SNI may be a "thing" but it still depends on proper certs being served, so it's always better to specify this than not.
-
Ghassan Zein over 6 yearsThis is the correct answer! Works for all cases!
-
thomasrutter almost 5 yearsSorry if my answer was confusing, for the *:443 host I didn't include the SSL configuration in the example as it was just an incomplete example intended to show just the redirect, but I did mention you have to include it in text underneath the example.