Make sure that any website you access is secure. Every request should go over HTTPS, so it is essential to enable an automatic redirect from HTTP to HTTPS.
Two Apache modules, rewrite and SSL, need to be enabled to activate this redirect:
On Debian-based systems such as Ubuntu, run these commands:
sudo a2enmod rewrite
sudo a2enmod ssl
To enable the SSL module on CentOS, run this command:
yum install mod_ssl
The rewrite module is configured by default on these operating systems, as shown by the following line in the main config file:
LoadModule rewrite_module modules/mod_rewrite.so
However, if it is not available, install the module by running:
sudo yum install mod_rewrite
If both modules are enabled, you see this message:
Enabling Apache Redirect
There are several methods to do this:
- Enabling redirect in the virtual host file
- Enabling redirect in the .htaccess file created in the webroot folder
- Using mod_rewrite rule in the virtual host file
- Using redirect in the .htaccess file to force HTTPS
Enabling Redirect in the Virtual Host File
Enabling the redirect in the virtual host file is usually the safer and simpler option, as it applies to all systems. Apache usually has two virtual host files: one for the non-secure port 80 and one for the secure port 443.
Port 80
<VirtualHost *:80>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
Redirect permanent /secure https://yourdomain.com/secure
</VirtualHost>
Port 443
<VirtualHost _default_:443>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
/secure is the directory for which you want Apache to force HTTPS.
Enabling a permanent redirect to HTTPS for all pages
<VirtualHost *:80>
ServerName www.yourdomain.com
Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
Use .htaccess to Redirect to HTTPS
In the root folder, find the .htaccess file and add the following line:
Redirect permanent /secure https://www.yourdomain.com/secure
Using mod_rewrite rule in the virtual host file
This is recommended for experienced users, as the configuration can differ between systems.
Redirect for certain pages
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?secure/(.*) https://%{SERVER_NAME}/secure/$1 [R,L]
Redirect for all directories
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Note:
Add =301 to the R flag inside the brackets (that is, [R=301,L]) to make the redirect permanent. Your website now has HTTPS by default.
All the commands mentioned above apply only to Debian-based Linux systems such as Ubuntu. For other systems, contact your server or hosting provider, or consult the server's help files. This document provides all the information you need for Ubuntu.
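To verify what the note about R=301 describes, the following added example (not part of the original article) reads the output of curl -sI for a plain-HTTP URL and reports whether the redirect is permanent, points to HTTPS, and stays on the expected host. The function name, the sample responses and other.example are constructed for illustration; www.yourdomain.com is the article's placeholder host.

```shell
#!/bin/sh
# Added example. Reads `curl -sI` output on stdin, e.g. (placeholder host):
#   curl -sI http://www.yourdomain.com/secure/a | check_redirect www.yourdomain.com
# Returns 0 for a permanent HTTPS redirect on the expected host,
# 2 for a temporary one, 1 for anything else.
check_redirect() {
    expected_host=$1
    headers=$(tr -d '\r')    # header lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')
    case $status in
        301|308) kind=permanent ;;
        302|303|307) kind=temporary ;;
        *) echo "FAIL: status ${status:-none} is not a redirect"; return 1 ;;
    esac
    case $location in
        https://"$expected_host"|https://"$expected_host"/*) ;;
        https://*) echo "FAIL: redirect leaves $expected_host: $location"; return 1 ;;
        *) echo "FAIL: Location is not HTTPS: ${location:-missing}"; return 1 ;;
    esac
    if [ "$kind" = temporary ]; then
        echo "WARN: $status is temporary; use R=301 or Redirect permanent"
        return 2
    fi
    echo "OK: $status -> $location"
}

# Constructed sample responses, not captured from a real server.
sample_rewrite_default() {   # [R,L] without =301: mod_rewrite sends 302
    printf 'HTTP/1.1 302 Found\r\nLocation: https://www.yourdomain.com/secure/a\r\n\r\n'
}
sample_permanent() {         # Redirect permanent, or [R=301,L]
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.yourdomain.com/secure/a\r\n\r\n'
}
sample_no_redirect() {       # port 80 vhost serving content directly
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'
}
sample_other_host() {        # HTTPS, but on a different host
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://other.example/secure/a\r\n\r\n'
}

for s in sample_permanent sample_rewrite_default sample_no_redirect sample_other_host; do
    printf '%-24s ' "$s"; "$s" | check_redirect www.yourdomain.com || true
done
```

Run the check against both a path under /secure and the site root, since the per-directory rules above redirect only the former.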