How to automatically redirect HTTP to HTTPS on Apache servers?

linux apache .htaccess webserver httpd.conf

377,418

Solution 1

I have actually followed this example and it worked for me :)

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   Redirect permanent / https://mysite.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
  DocumentRoot /usr/local/apache2/htdocs
  SSLEngine On
 # etc...
</VirtualHost>

Then do:

/etc/init.d/httpd restart

Solution 2

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

http://www.sslshopper.com/apache-redirect-http-to-https.html

http://www.cyberciti.biz/tips/howto-apache-force-https-secure-connections.html

Solution 3

Searched for apache redirect http to https and landed here. This is what i did on ubuntu:

1) Enable modules

sudo a2enmod rewrite
sudo a2enmod ssl

2) Edit your site config

Edit file

/etc/apache2/sites-available/000-default.conf

Content should be:

<VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    <path to your crt file>
    SSLCertificateKeyFile   <path to your private key file>

    # Rest of your site config
    # ...
</VirtualHost>

Note that the SSL module requires certificate. you will need to specify existing one (if you bought one) or to generate a self-signed certificate by yourself.

3) Restart apache2

sudo service apache2 restart

Solution 4

Using mod_rewrite is not the recommended way instead use virtual host and redirect.

In case, if you are inclined to do using mod_rewrite:

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same 
location but using HTTPS.
# i.e.  http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in
# httpd.conf or .htaccess context

Reference: Httpd Wiki - RewriteHTTPToHTTPS

If you are looking for a 301 Permanent Redirect, then redirect flag should be as,

 R=301

so the RewriteRule will be like,

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

Solution 5

Actually, your topic is belongs on https://serverfault.com/ but you can still try to check these .htaccess directives:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1

View more solutions

377,418

Deano

Updated on April 04, 2022

Comments

Deano about 2 years

Environment Centos with apache

Trying to setup automatic redirection from http to https

From manage.mydomain.com --- To ---> https://manage.mydomain.com

I have tried adding the following to my httpd.conf but it didn't work

 RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

Any ideas?

The Thirsty Ape over 10 years

Note that this is only available if you have access to the VirtualHost file. It is the recommended method.
Suriyan Suresh over 10 years

After changing this on httpd.conf, restart apache web server. so that it will reflect and clear your browser cache too.
Rick-Rainer Ludwig about 10 years

This method seems not to work with IE 11. When trying to open domain.com with a redirection to domain.com it is, but a second access to domain.com/folder leads into an error message that IE is not able to open the page. I cannot explain it, but I guess IE caches the redirect and has an issue by resolving the folder through the cache. Firefox works perfectly... I switched to the Rewrite solution by IdemeNaHavaj.
Deano almost 10 years

I would like to report that this method didn't work for me with Ubuntu 12.4, however the proposed RewriteEngine answer did the trick.
spiritoo over 8 years

This is a better solution than the approved one, because it works even if you are behind an SSL offloader like Pound or BigIP. Those offloader will often pass all the traffic onto the same port,and the approved solution won't work in that specific case
Luke Madhanga over 8 years

@spiritoo Not so. The Apache docs specifically say that this is one of those situations where you should not use mod_rewrite and should rather use Redirect: httpd.apache.org/docs/2.4/rewrite/avoid.html
spiritoo over 8 years

@LukeMadhanga Apache docrecommands using Redirect for performance. But still, the RewriteEngine solution is better, in the sense of more generic, because it works even in the case I described (offloading). The goal of my comment is to provide every user the key to choose between the two answers. Some people want generic procedures (big corps), others want performance... it's a free choice.
Rebecca Dessonville over 8 years

do you have to do a restart? a reload is much less destructive and will bring in the new config file. /etc/init.d/httpd reload || service httpd reload
BPDESILVA almost 8 years

This is great, however, if you want to make it greater then add this [R=302,L,QSA] so any parameters are also passed to the secure page. It should look like: %{REQUEST_URI} [R=302,L,QSA]
Abel Callejo over 7 years

since the purpose was to redirect it to the ssl mode, the line DocumentRoot /usr/local/apache2/htdocs is no longer needed
kimbaudi over 7 years

When redirecting everything you don't even need a DocumentRoot. So you can remove DocumentRoot /usr/local/apache2/htdocs inside <VirtualHost *:80>. You still need DocumentRoot inside <VirtualHost _default_:443> Redirect Request to SSL
Serkan almost 7 years

I used these lines and when try to load page, response is "Failed to load resource: net::ERR_CONNECTION_REFUSED". What am i doing wrong?
Rayee Roded over 6 years

Notice a great answer (see edit section) is here: serverfault.com/questions/120488/…
Volker E. over 6 years

@SvetoslavMarinov This comment implies, "that [QSA] is automatically added when [R] is used in this context and no ? is present in the rewritten URL so it's superfluous here".
Leos Literak almost 6 years

@Serkan - have you forgotten dash after [] section? I had infinite redirect there.
Bobort about 5 years

The problem with just using redirect is that if you put in the URL of any page in your website as HTTP, it will not redirect to HTTPS. Only the home/default/root/index page will. And, no, that's not good enough.
Sylvester Yao almost 4 years

Work with Ubuntu 16.04 & Apache2. Thanks!
NomanJaved over 3 years

For ip address redirect myipaddress to myipaddress worked. Thanks.
MeSo2 over 3 years

be advised that you will lose all Facebook Likes when doing this -- provided you started collecting your Likes with a http connection! Use JavaScript instead: if (location.protocol !== 'https:') { location.replace('https:${location.href.substring(location.p‌rotocol.length)}'); }
mahyard about 3 years

I got this: ERR_INVALID_REDIRECT. seems that parameters are not defined here.
jrh about 3 years

Note that NameVirtualHost seems to be depreciated, This directive currently has no effect.
jrh about 3 years

I'm not sure why Redirect permanent is necessary, but on my test machine it only seemed to redirect if permanent was enabled, otherwise it seems like the browser did not redirect.
MeSo2 almost 3 years

Warning!!! I do not recommend doing it using Apache. You will louse ALL Facebook Likes when doing this (provided you started collecting your Likes with an http connection!
MeSo2 almost 3 years

Warning!!! I do not recommend doing it using Apache. You will louse ALL Facebook Likes when doing this (provided you started collecting your Likes with an http connection!
Tino almost 3 years

Worked for me and was exactly what I was looking for as I did not want to use ModRewrite with Apache 2.4.38. The only difference is, that I used <Location /> as the quotes are not needed there. (Not tested with the quotes.)
Milan Babuškov over 2 years

This solution is much more robust when you have some nonstandard config. Thanks!
Jeremy Davis over 2 years

Or marginally less typing and easier to rememeber; read the readme without extracting: zcat /usr/share/doc/apache2/README.Debian.gz
thd over 2 years

This solution works for me (Apache/2.4.41 + Ubuntu 20.04.3) but I get HTTP status code 302. How to get status code 301?
bfontaine almost 2 years

I got ERR_INVALID_REDIRECT as well because it redirects to the litteral string https://%{HTTP_HOST}%{REQUEST_URI}.
smac89 almost 2 years

@bfontaine are you running your apache server behind a proxy? If HTTP_HOST is not being expanded, then it's likely due to the server not seeing the Host: header in the request