8/4/21

Quick HTTP to HTTPS - Apache2

There are several methods for redirecting your Apache-based website visitors who might type your servers URL using the plain (non-secure) HTTP protocol to be sent to the encrypted HTTPS version of your website which effectively, forces any visitor to your website to HTTPS.

The method below is my favorite for its simplicity and my own experience with it that it worked 100% of the time.

Before adding the redirection code to your Apache's config file you'd obviously need to have a working Apache and SSL configuration for your website, preferably with a valid SSL certificate. Once that condition is satisfied, the next step is to make sure that you have Apache's rewrite module installed and loaded.

You could quickly find out if your serve has the rewrite module installed and loaded by running the following command: apache2ctl -M 

The above command will return a list of installed & loaded modules, look for the following entryrewrite_module

Or, you could run the command this way: apache2ctl -M|grep rewrite which will give you this output - assuming that you do have the rewrite module installed and loaded-

rewrite_module (shared)

if not, then you need to add this module by following the instructions for your particular O.S flavor

First and last step for sending HTTP to HTTPS:

All you need to do is insert the following 3 lines into the <virtual host> usually located in /etc/apache2/sites-enabled/000-default.conf on Ubuntu based servers and in  /etc/httpd/conf/httpd.conf in Redhat-based servers like CENTOS using your favorite editor:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

Save your conf file and run /usr/sbin/apache2ctl configtest to make sure that your conf file is free of syntax errors before you reload Apache. Once the configtest returns the result of "Syntax OK" you can run /usr/sbin/apache2ctl restart to apply your changes.

Finally, verify your work results by accessing the website you modified via your browser and make sure to call the website using http://your-server.com and watch your browser redirect you to the https://your-server.com




Quick HTTP to HTTPS - Apache2

There are several methods for redirecting your Apache-based website visitors who might type your servers URL using the plain (non-secure) HT...