Blog

How to redirect http based site to https?

Tags: http to httpsssl

Published on: April 8, 2019 by Anitta Jose

How to redirect http based site to https?

Scenario:

SSL certificates are used to secure our websites. Once we install SSL on our website, we should redirect all our website URL’s to its HTTPS version. There are many ways to redirect http to https.

Redirect HTTP to HTTPS with Apache

If we are having a user level access in an Apache server, .htaccess file is the better way. Same would work for OpenLiteSpeed also. Have you heard of .htaccess files? A .htaccess file also called Hypertext file, helps us to configure our website without editing server wide configuration. It controls the directory and its sub-directories in which it is placed. Add the following lines in .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Sometimes, if we are behind a load balancer, like AWS ELB, we may need to have an entry like this in .htaccess file:
RewriteCond %{HTTP:X-Forwarded-Proto} !https [NC]

RewriteCond %{HTTPS} off

RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
 If we have access to the Apache main server wide configuration file, edit the virtual host configuration to say below:
<VirtualHost *:80>ServerName www.domain.com

Redirect / https://www.domain.com/

</VirtualHost>

<VirtualHost *:443>

ServerName www.domain.com

# ... SSL configuration goes here

</VirtualHost>

 Redirect HTTP to HTTPS with Nginx

If the server is having Nginx as its webserver, then edit its configuration file and add the following lines:

server {

listen 80;

server_name www.domain.com;

return

301 https://$server_name$request_uri;

}

server {

listen 443 ssl;

server_name www.domain.com;

# Add Strict-Transport-Security to prevent Man in the Middle Attacks (HSTS Policy)

add_header Strict-Transport-Security "max-age=31536000" always;

[.…]

}

Man in the Middle Attack is an attack where an attacker secretly interferes the communication between two parties who believe they are communicating with each other. HSTS helps to prevent this attack. Actually HSTS is a web security policy by which the website inform the browsers that it should never load the site using HTTP but only using HTTPS protocol.

While using the above codes, don’t forget to replace “domain.com” with the actual domain name.

The SSL certificate installation is now completed, and our website is configured to accept secure connections.

Get 24/7 expert server management

Category : General, Howtos

Anitta Jose

Anitta Jose

Anitta is systems engineer since 2015 and holds broad experience in Linux, WordPress, and cPanel systems administration. Her interest lies more in Cloud technologies (AWS). From 2016, she writes blogs to share her experiences with wider audience.

You may also read:

Comments

Add new commentSIGN IN

Let's Connect

Get new updates

Categories

$0.000 items