If your website uses Apache and SSL, there’s not much reason to keep using HTTP with your website. Having both HTTP and HTTPS just creates duplicate content, as now any given page will be accessible through two technically different URLs.
In this guide, we’ll assume you’re already using Apache on a Linux system and want to redirect all HTTP traffic to HTTPS. This will make sure that all your visitors are only connecting through HTTPS by forcing their browser over to the secure protocol if they happen to open an HTTP link. If a user decides to preface a link with http://
, your site will be smart enough to still send them to the correct page, rather than showing duplicate content or displaying a 404 error.
There are two ways to set up this redirection in Apache. The better method is to configure Virtual Host, but users with hosted websites may not have access to this configuration. The second method is by making some changes to the .htaccess
file. We’ll cover the step by step instructions for both methods below. Let’s get started.
In this tutorial you will learn:
- How to redirect HTTP to HTTPS with Virtual Host
- How to redirect HTTP to HTTPS with
.htaccess
file
Category | Requirements, Conventions or Software Version Used |
---|---|
System | Any Linux distro |
Software | Apache |
Other | Privileged access to your Linux system as root or via the sudo command. |
Conventions |
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command$ – requires given linux commands to be executed as a regular non-privileged user |
Redirect HTTP to HTTPS with Virtual Host
On Ubuntu, Debian, and its derivatives, you’ll find the virtual host files in /etc/apache2/sites-available
. Open the appropriate file in a text editor of your choice:
$ sudo vi /etc/apache2/sites-available/example.conf
On RedHat, CentOS, Fedora, and other derivatives, you’ll find the virtual hosts configuration in:
$ sudo vi /etc/httpd/conf.d
This file can be used to redirect traffic, among many other things. If you’re already using HTTP and HTTPS on your website, you should have at least two Virtual Hosts already in the file – one for 80 (HTTP) and one for 443 (HTTPS). To redirect the HTTP traffic, we’ll need to add the following line:
Redirect permanent / https://example.com/
Add it somewhere inside the <VirtualHost *:80>
heading, like in the example below:
Save your changes and exit this file when you’re done. For the changes to take effect, you’ll need to reload the Apache config with the following systemctl command:
$ sudo systemctl reload apache2 # Debian, Ubuntu OR $ sudo systemctl reload httpd # Red Hat, CentOS, Fedora
Redirect HTTP to HTTPS with .htaccess file
If you don’t have access to Virtual Host configuration, the .htaccess
file will be your only option. It can be found in the root directory of your website, which should be accessible regardless of what web host you’re using.
Simply edit this file and add the following lines of code to it. You can just paste them at the bottom of the file.
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
That’s all there is to it. You should notice the changes instantly when navigating to your website, as Apache doesn’t need to be reloaded for those changes to take effect.
Closing Thoughts
HTTPS is definitely the way to go. In this article, we saw how easy it was to redirect all traffic to HTTPS and get rid of HTTP entirely. Either of these methods are viable for forcing HTTP traffic over to HTTPS on your website.