Redirect HTTP to HTTPS on Apache

By bhagwatchouhan
Redirect HTTP to HTTPS on Apache

Apache is one of the popular web servers used to host websites and applications. We can host multiple sites using the Apache Web Server by defining each site configuration in its own virtual host placed at the sites-available directory of the Apache installation. The common path of this directory for Apache 2.4 and above is /etc/apache2/sites-available.

We can also install an SSL certificate from the trusted certificate authorities to ensure that the commonly used browsers and clients recognize the certificate. We can make the website to handle the HTTP (Hyper Text Transfer Protocol) requests over the HTTPS (HTTP over SSL) protocol which is not enabled by default. This tutorial provides the steps required to redirect the HTTP requests to HTTPS. You can also refer Configure Virtual Host On Apache to add virtuals hosts on the Apache Web Server.

This tutorial is written for the popular Linux distribution Ubuntu. It provides all the steps required to add redirect rules on Ubuntu 18.04 LTS. The steps should be similar for other Linux systems and Ubuntu versions.

 

Prerequisites

You must meet the below-listed prerequisites on the server to continue with this tutorial.

Ubuntu Server - This tutorial is written for Ubuntu 18.04 LTS, though it can be any other Linux system. The steps should be the same on other systems. You can also follow Complete Guide To Install Ubuntu 18.04 LTS (Bionic Beaver) to install the desktop version of Ubuntu.

Apache Web Server - It assumes that the Apache is already installed on the system and it's configured properly to access the Virtual Host using the domain name. It can be easily done on your local system in case you have a static IP address. You can also follow How To Install Apache 2 On Ubuntu 18.04 LTS to install the Apache Web Server.

Domain - A valid domain properly configured at your domain registrar pointing to your server. I have used example.com in this tutorial for reference. Make to replace it with your own domain.

Apache Modules - As part of this tutorial, also make sure that the appropriate apache modules are enabled as shown below.

# Enable rewrite module
sudo a2enmod rewrite
# Enable SSL module
sudo a2enmod ssl

Firewall - Ports 80 and 443 are open to accept connections.

 

Configuration Files

We can add the redirect rules to the configuration files of the Apache Web Server as listed below.

Virtual Host - The Virtual Host is the most important configuration file of a website. We can update this file to add the redirect rules.

.htaccess File - We can also update the site-specific configuration file i.e. .htaccess. We can place the .htaccess file within multiple directories of the same site to define different rules for different directories. The major advantage of using it for redirect rules is that we can add it within the website directory. Most of the hosting agencies do not allow to modify the virtual host of a domain.

There is no difference in the syntax for both the files. The only major difference is that in the virtual host configuration, we can add redirect rules only within the VirtualHost tag. We can add the redirect rules directly to the .htaccess file.

 

Redirect Options

We can either use the mod_rewrite module or the redirect directive of the mod_alias module to redirect from http to https. The redirect directive is preferred over mod_rewrite to handle simple redirects. We can use mod_rewrite for complex redirects.

The commonly used redirect options with examples using the mod_rewrite module are as shown below.

# Commonly used redirect options
# R - causes a HTTP redirect to be issued to the browser
# L - stop rewrite module from further processing the rule set
# END - prevent subsequent rewrite processing
# NE - prevent conversion of special characters including & and ? to their hexcode equivalent
# Normal Redirect RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# Permanent Redirect
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]
# Permanent Redirect RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

 

Redirect All

In this section, we will discuss redirecting all the requests from HTTP to HTTPS. The redirect examples mentioned in this section should be the first redirect rules or directive for a website.

It can be done for a specific website using the mod_rewrite module as shown below.

# Redirect HTTP to HTTPS - virtual host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content
<VirtualHost *:80>
.... .... ServerName example.com ServerAlias www.example.com .... .... RewriteEngine on RewriteCond %{SERVER_NAME} =example.com [OR] RewriteCond %{SERVER_NAME} =www.example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent] </VirtualHost>
# Redirect HTTP to HTTPS - .htaccess sudo nano /var/www/example.com/.htaccess
# Content RewriteEngine on RewriteCond %{SERVER_NAME} =example.com [OR] RewriteCond %{SERVER_NAME} =www.example.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

In the above mentioned example, the last four lines are required to redirect all the HTTP requests to HTTPS, hence securing the entire site. The first line is enabling the rewrite engine for the virtual host. The second and third lines are the conditions to match the server name from the request URL. The fourth line redirects the request permanently to HTTPS in case the condition in the second line returns true.

We can also achieve the same effect by checking the HTTPS protocol for all the requests as shown below.

# Redirect HTTP to HTTPS - virtual host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content <VirtualHost *:80> .... .... ServerName example.com ServerAlias www.example.com .... .... RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] </VirtualHost>
# Redirect HTTP to HTTPS - .htaccess sudo nano /var/www/example.com/.htaccess
# Content RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# We can achive the same effect as shown below RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Another way to handle redirect is by checking the host as shown below. It can be used within the .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]

We can also have the same effect by simply adding a single redirect directive of the mod_alias module as shown below.

# Redirect HTTP to HTTPS - virtual host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content <VirtualHost *:80> .... .... ServerName example.com ServerAlias www.example.com .... .... Redirect permanent / https://www.example.com/ </VirtualHost>
# Redirect HTTP to HTTPS - .htaccess sudo nano /var/www/example.com/.htaccess
# Content Redirect permanent / https://www.example.com/

This is how we can have a redirect from http to https for all the requests received by a website for http. The above-mentioned examples can be used to have either temporary or permanent redirect by using the appropriate options.

 

Redirect Selected

In this section, we will discuss the examples to redirect only selective URLs to be specific in redirecting the http requests to https. I will just provide the redirect rules in this section without specifying the virtual host or .htaccess file.

We can redirect all the requests received for the specified URL pattern using the mod_rewrite module as shown below.

# Redirect all the requests by matching path
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?user/(.*) https://%{SERVER_NAME}/user/$1 [L,R=301] 

We can also achieve the same effect by using a single redirect directive of the mod_alias module as shown below.

# Redirect all the requests by matching path
Redirect permanent /user https://www.example.com/user

 

Summary

This is how we can redirect the requests over the HTTP protocol to the HTTPS protocol.

Share this blog:

Profile picture for user bhagwatchouhan
bhagwatchouhan