How to automatically redirect HTTP to HTTPS on Apache servers?
Solution 1
I have actually followed this example and it worked for me :)
NameVirtualHost *:80
<VirtualHost *:80>
ServerName mysite.example.com
Redirect permanent / https://mysite.example.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName mysite.example.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...
</VirtualHost>
Then do:
/etc/init.d/httpd restart
Solution 2
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
http://www.sslshopper.com/apache-redirect-http-to-https.html
or
http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html
Solution 3
Searched for apache redirect http to https
and landed here. This is what i did on ubuntu:
1) Enable modules
sudo a2enmod rewrite
sudo a2enmod ssl
2) Edit your site config
Edit file
/etc/apache2/sites-available/000-default.conf
Content should be:
<VirtualHost *:80>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile <path to your crt file>
SSLCertificateKeyFile <path to your private key file>
# Rest of your site config
# ...
</VirtualHost>
- Note that the SSL module requires certificate. you will need to specify existing one (if you bought one) or to generate a self-signed certificate by yourself.
3) Restart apache2
sudo service apache2 restart
Solution 4
Using mod_rewrite is not the recommended way instead use virtual host and redirect.
In case, if you are inclined to do using mod_rewrite:
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same
location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in
# httpd.conf or .htaccess context
Reference: Httpd Wiki - RewriteHTTPToHTTPS
If you are looking for a 301 Permanent Redirect, then redirect flag should be as,
R=301
so the RewriteRule will be like,
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Solution 5
Actually, your topic is belongs on https://serverfault.com/ but you can still try to check these .htaccess directives:
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1
Related videos on Youtube
Deano
Updated on April 04, 2022Comments
-
Deano about 2 years
Environment Centos with apache
Trying to setup automatic redirection from http to https
From manage.mydomain.com --- To ---> https://manage.mydomain.com
I have tried adding the following to my httpd.conf but it didn't work
RewriteEngine on ReWriteCond %{SERVER_PORT} !^443$ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
Any ideas?
-
The Thirsty Ape over 10 yearsNote that this is only available if you have access to the VirtualHost file. It is the recommended method.
-
Suriyan Suresh over 10 yearsAfter changing this on httpd.conf, restart apache web server. so that it will reflect and clear your browser cache too.
-
Rick-Rainer Ludwig about 10 yearsThis method seems not to work with IE 11. When trying to open domain.com with a redirection to domain.com it is, but a second access to domain.com/folder leads into an error message that IE is not able to open the page. I cannot explain it, but I guess IE caches the redirect and has an issue by resolving the folder through the cache. Firefox works perfectly... I switched to the Rewrite solution by IdemeNaHavaj.
-
Deano almost 10 yearsI would like to report that this method didn't work for me with Ubuntu 12.4, however the proposed RewriteEngine answer did the trick.
-
spiritoo over 8 yearsThis is a better solution than the approved one, because it works even if you are behind an SSL offloader like Pound or BigIP. Those offloader will often pass all the traffic onto the same port,and the approved solution won't work in that specific case
-
Luke Madhanga over 8 years@spiritoo Not so. The Apache docs specifically say that this is one of those situations where you should not use mod_rewrite and should rather use Redirect: httpd.apache.org/docs/2.4/rewrite/avoid.html
-
spiritoo over 8 years@LukeMadhanga Apache docrecommands using Redirect for performance. But still, the RewriteEngine solution is better, in the sense of more generic, because it works even in the case I described (offloading). The goal of my comment is to provide every user the key to choose between the two answers. Some people want generic procedures (big corps), others want performance... it's a free choice.
-
Rebecca Dessonville over 8 yearsdo you have to do a restart? a reload is much less destructive and will bring in the new config file.
/etc/init.d/httpd reload
||service httpd reload
-
BPDESILVA almost 8 yearsThis is great, however, if you want to make it greater then add this [R=302,L,QSA] so any parameters are also passed to the secure page. It should look like: %{REQUEST_URI} [R=302,L,QSA]
-
Abel Callejo over 7 yearssince the purpose was to redirect it to the ssl mode, the line
DocumentRoot /usr/local/apache2/htdocs
is no longer needed -
kimbaudi over 7 yearsWhen redirecting everything you don't even need a DocumentRoot. So you can remove
DocumentRoot /usr/local/apache2/htdocs
inside<VirtualHost *:80>
. You still needDocumentRoot
inside<VirtualHost _default_:443>
Redirect Request to SSL -
Serkan almost 7 yearsI used these lines and when try to load page, response is "Failed to load resource: net::ERR_CONNECTION_REFUSED". What am i doing wrong?
-
Rayee Roded over 6 yearsNotice a great answer (see edit section) is here: serverfault.com/questions/120488/…
-
Volker E. over 6 years@SvetoslavMarinov This comment implies, "that
[QSA]
is automatically added when[R]
is used in this context and no?
is present in the rewritten URL so it's superfluous here". -
Leos Literak almost 6 years@Serkan - have you forgotten dash after [] section? I had infinite redirect there.
-
Bobort about 5 yearsThe problem with just using redirect is that if you put in the URL of any page in your website as HTTP, it will not redirect to HTTPS. Only the home/default/root/index page will. And, no, that's not good enough.
-
Sylvester Yao almost 4 yearsWork with Ubuntu 16.04 & Apache2. Thanks!
-
NomanJaved over 3 yearsFor ip address redirect myipaddress to myipaddress worked. Thanks.
-
MeSo2 over 3 yearsbe advised that you will lose all Facebook Likes when doing this -- provided you started collecting your Likes with a
http
connection! Use JavaScript instead:if (location.protocol !== 'https:') { location.replace('https:${location.href.substring(location.protocol.length)}'); }
-
mahyard about 3 yearsI got this: ERR_INVALID_REDIRECT. seems that parameters are not defined here.
-
jrh about 3 yearsNote that
NameVirtualHost
seems to be depreciated, This directive currently has no effect. -
jrh about 3 yearsI'm not sure why
Redirect permanent
is necessary, but on my test machine it only seemed to redirect ifpermanent
was enabled, otherwise it seems like the browser did not redirect. -
MeSo2 almost 3 yearsWarning!!! I do not recommend doing it using Apache. You will louse ALL Facebook Likes when doing this (provided you started collecting your Likes with an
http
connection! -
MeSo2 almost 3 yearsWarning!!! I do not recommend doing it using Apache. You will louse ALL Facebook Likes when doing this (provided you started collecting your Likes with an
http
connection! -
Tino almost 3 yearsWorked for me and was exactly what I was looking for as I did not want to use ModRewrite with Apache 2.4.38. The only difference is, that I used
<Location />
as the quotes are not needed there. (Not tested with the quotes.) -
Milan Babuškov over 2 yearsThis solution is much more robust when you have some nonstandard config. Thanks!
-
Jeremy Davis over 2 yearsOr marginally less typing and easier to rememeber; read the readme without extracting: zcat /usr/share/doc/apache2/README.Debian.gz
-
thd over 2 yearsThis solution works for me (Apache/2.4.41 + Ubuntu 20.04.3) but I get HTTP status code 302. How to get status code 301?
-
bfontaine almost 2 yearsI got ERR_INVALID_REDIRECT as well because it redirects to the litteral string
https://%{HTTP_HOST}%{REQUEST_URI}
. -
smac89 almost 2 years@bfontaine are you running your apache server behind a proxy? If
HTTP_HOST
is not being expanded, then it's likely due to the server not seeing theHost:
header in the request