How can I automatically redirect HTTP to HTTPS on Apache servers?

Question

I am trying to set up automatic redirection from HTTP to HTTPS:

From manage.mydomain.com --- To ---> https://manage.mydomain.com

I have tried adding the following to my httpd.conf file, but it didn't work:

 RewriteEngine on
    ReWriteCond %{SERVER_PORT} !^443$
    RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

How can I fix it?

Environment: CentOS with Apache

Answer 1

Server version: Apache 2.4.29 (Ubuntu)

After a long search on the web and in the official documentation of Apache HTTP Server, the only solution that worked for me came from /usr/share/doc/apache2/README.Debian.gz

To enable SSL, type (as user root):

a2ensite default-ssl
a2enmod ssl

In the file /etc/apache2/sites-available/000-default.conf, add the

Redirect "/" "https://sub.domain.com/"

<VirtualHost *:80>

    #ServerName www.example.com
    DocumentRoot /var/www/owncloud
    Redirect "/" "https://sub.domain.com/"

That's it.

---

P.S: If you want to read the manual without extracting:

gunzip -cd /usr/share/doc/apache2/README.Debian.gz

Answer 2

Please try this one in Apache's Virtualhosting configuration and then reload the Apache service:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

Answer 3

I searched for apache redirect http to https and landed here. This is what I did on Ubuntu:

1. Enable modules.

   sudo a2enmod rewrite
   sudo a2enmod ssl
   

2. Edit your site configuration.

   Edit file:

   /etc/apache2/sites-available/000-default.conf
   

   The content should be:

   <VirtualHost *:80>
       RewriteEngine On
       RewriteCond %{HTTPS} off
       RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
   </VirtualHost>
   
   <VirtualHost *:443>
       SSLEngine on
       SSLCertificateFile    <path to your certificate file>
       SSLCertificateKeyFile   <path to your private key file>
   
       # Rest of your site configuration
       # ...
   </VirtualHost>
   

   Note that the SSL module requires a certificate. You will need to specify an existing one (if you bought one) or to generate a self-signed certificate by yourself.

3. Restart Apache

   sudo service apache2 restart
   

Answer 4

I needed this for something as simple as redirecting all HTTP traffic from the default Apache home page on my server to one served over HTTPS.

Since I'm still quite green when it comes to configuring Apache, I prefer to avoid using mod_rewrite directly and instead went for something simpler like this:

<VirtualHost *:80>
  <Location "/">
     Redirect permanent "https://%{HTTP_HOST}%{REQUEST_URI}"
  </Location>
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/var/www/html"
  SSLEngine on
  ...
</VirtualHost>

I like this because it allowed me to use Apache variables. That way, I didn't have to specify the actual host name since it's just an IP address without an associated domain name.

References: Using RedirectMatch with HTTP_HOST in the destination

Answer 5

For me, this worked:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Answer 6

This specific issue is covered in the Apache docs here. Use an Apache configuration modeled on the one in the excerpt below (typically you'll want to name the file something like com.example.www.conf).

To redirect http URLs to https, do the following:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

Answer 7

If you have Apache 2.4, check file 000-default.conf. Remove DocumentRoot and add:

Redirect permanent / https://[your-domain]/

Answer 8

Using mod_rewrite is not the recommended way. Instead, use a virtual host and redirect.

In case if you are inclined to do using mod_rewrite:

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same 
location but using HTTPS.
# I.e., http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in
# httpd.conf or .htaccess context

Reference: Httpd Wiki - RewriteHTTPToHTTPS

If you are looking for a 301 Permanent Redirect, then the redirect flag should be as,

 R=301

so the RewriteRule will be like,

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]

Answer 9

Actually, your topic is belongs on Server Fault, but you can still try to check these .htaccess directives:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1

Answer 10

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

Apache Redirect HTTP to HTTPS using mod_rewrite

or

Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Answer 11

I have actually followed this example and it worked for me :)

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   Redirect permanent / https://mysite.example.com/
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
  DocumentRoot /usr/local/apache2/htdocs
  SSLEngine On
 # etc...
</VirtualHost>

Then do:

/etc/init.d/httpd restart

Answer 12

This code work for me.

# ----------port 80----------
RewriteEngine on
# redirect http non-www to https www
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_NAME} =example.com
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

# redirect http www to https www
RewriteCond %{HTTPS} off
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

# ----------port 443----------
RewriteEngine on
# redirect https non-www to https www
RewriteCond %{SERVER_NAME} !^www\.(.*)$ [NC]
RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

Answer 13

This worked for me:

RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]