Redirect HTTP to HTTPS on Apache

SSL secured websites or HTTPS has now become a must to have on website, especially those handling sensitive client information. Having a HTTPS enabled website means that a intruder can’t intrude to communication between users and website. HTTPS not only secures communication but is now a requirement for many new features like http2, which requires you to have https enabled on your server. Having a HTTPS enabled website also improves your Google SEO (Search Engine Optimization) ranking.

In this tutorial, we will discuss two methods on how we can redirect http traffic to https on Apache web servers.

First, let’s see the files which we will use to make the redirection of http to https,

/etc/httpd/conf/httpd.conf (RHEL/CentOS) – If you have access to this and have defined the Apache hosts entries in httpd.conf, than use this file to define the redirection options.

If you are using a custom location for defining the virtual hosts, than that’s where you will make the redirection entry. For example, if you have custom virtual hosts on /etc/httpd/conf.d/virtualhost.conf. Just make you changes accordingly.

/etc/apache2/sites-available/test.com (Ubuntu) – This file is same as custom defined virtual hosts configuration file. If using Ubuntu, than make redirection entry to this file. Here test.com is the name of the website.

.htaccess – This file is used when handling a number of servers or when you don’t have access to main configuration file like in case of wordpress installation but you can also use it on any case as well. This file is usually located in the root of the website.

All these files can be used to redirect traffic, so choose the file that’s suitable to your needs.

Using Redirect Directive on Apache

This method is pretty simple, make the following entry in virtual host config file (httpd.conf for CentOS/RHEL or test.com for Ubuntu),

<VirtualHost *:80>
ServerName test.com
<Location />
Redirect 301 / https://test.com/
</Location>
</VirtualHost>

<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/html/test.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/test.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/test.com.key
SSLCertificateChainFile /etc/apache2/ssl/test.com.ca-bundle
</VirtualHost>

Save the file and restart the Apache for changes to take effect.
Web server traffic will be redirected from http to https now.

Using mod_rewrite Rewrite Module on Apache

Here we will use mod_rewrite module to redirect the traffic to https. To use this method, make sure that we have mod_rewrite module enabled.

To enable mod_rewrite module, open file ‘httpd.conf’ and make the following entry

For CentOS

$ vi /etc/httpd/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so

For Ubuntu
$ sudo a2enmod rewrite

Restart the Apache service to implement the changes.

Next, make the following entry in the virtual host file ( httpd.conf for CentOS/RHEL or test.com for Ubuntu )

<VirtualHost *:80>
ServerName test.com
RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
ServerName example.com
DocumentRoot /var/www/html/test.com
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/test.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/test.com.key
SSLCertificateChainFile /etc/apache2/ssl/test.com.ca-bundle
</VirtualHost>

 

Now for the .htaccess file add the following entries on the file:

RewriteEngine On
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Note:- Make sure that you are not duplicating ‘RewriteEngine On’ and that the ‘RewriteCond’ , ‘RewriteRule’ immediately follow ‘RewriteEngine’.

Save the file and restart the Apache for changes to take effect.
Web server traffic will be redirected from http to https now.


– masterkenneth

Leave a Reply

Your email address will not be published. Required fields are marked *