In this article, we’ll show a basic method for forcing an HTTP-to-HTTPS redirect for clients on your website. Forced HTTPS keeps users from accidentally browsing over unencrypted HTTP. When all connections are forced over SSL, the user’s information is kept secure and data cannot be intercepted.
One of the most commonly asked questions is: Why should I use an SSL certificate? Standalone HTTP leaves traffic unencrypted and susceptible to snooping. Purchasing a certificate (or using a free one) ensures a secure and encrypted session between your users and your server. A forced HTTPS redirect keeps your users from accidentally browsing over unencrypted sessions, thus keeping their connection and data safe.
Step 1: Ensure Apache is installed
On CentOS/RHEL:
sudo yum install httpd
On Debian/Ubuntu:
sudo apt install apache2
After installing Apache2, start and enable the service. Afterwards, verify that it is reachable through a web browser. If you are unable to see the Apache2 default webpage, check your firewall rules for port 443.
Step 2: Enable mod_rewrite module
The module is enabled by default on CentOS/RHEL. You can verify this by looking for the following line in your httpd.conf file:
LoadModule rewrite_module modules/mod_rewrite.so
On Debian/Ubuntu, you can enable the module by running:
sudo a2enmod rewrite
Step 3: .htaccess Configuration
To accomplish the actual HTTPS redirect, create a .htaccess file in the domain root directory and add the following code. Apache does not require a restart, because the .htaccess file is loaded every time a user accesses the web page. Be sure to replace “example.com” with your real domain.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
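To confirm that the rule from Step 3 behaves as intended, the shell function below (an added example, not part of the original article) reads one response's headers on stdin and checks for a 301 whose Location is the https:// URL on the configured domain with the requested path preserved. The names check_redirect and sample_ok and the sample headers are constructed for illustration.

```shell
# check_redirect HOST PATH
# Reads one HTTP response's headers on stdin and checks that it is the
# forced-HTTPS redirect from Step 3. Prints a verdict; returns 0 or 1.
check_redirect() {
    awk -v host="$1" -v path="$2" '
        { sub(/\r$/, "") }                            # header lines end in CRLF
        NR == 1 { status = $2 }                       # e.g. "HTTP/1.1 301 Moved Permanently"
        tolower($1) == "location:" { location = $2 }  # header names are case-insensitive
        END {
            want = "https://" host path
            if (status != "301")
                why = "status " status ", expected 301"
            else if (location == "")
                why = "no Location header"
            else if (index(location, "https://") != 1)
                why = "Location is not an https:// URL: " location
            else if (location != want)
                why = "Location is " location ", expected " want
            if (why != "") { print "FAIL: " why; exit 1 }
            print "OK: 301 -> " location
        }'
}

# Constructed sample: the headers a correctly configured server would send
# for a plain-HTTP request to /docs/page.html on example.com.
sample_ok() {
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Server: Apache\r\n'
    printf 'Location: https://example.com/docs/page.html\r\n\r\n'
}

# Offline demonstration on the constructed sample.
sample_ok | check_redirect example.com /docs/page.html

# Against a live server (example.com is a placeholder for your domain):
#   curl -sI http://example.com/docs/page.html | check_redirect example.com /docs/page.html
```

A FAIL on the status line usually means the request never reached the .htaccess rule; a FAIL on the Location value means the rule ran but rewrote to the wrong scheme, host or path.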
All done! Your page is now secured with HTTPS.