Redirect HTTP to HTTPS on Apache
It provides all the steps required to redirect HTTP to HTTPS on the Apache Web Server with examples. It shows how to redirect the HTTP requests to HTTPS for secure communication between the Apache Web Server and client software.
Apache is one of the popular web servers used to host websites and applications. We can host multiple sites using the Apache Web Server by defining each site configuration in its own virtual host placed at the sites-available directory of the Apache installation. The common path of this directory for Apache 2.4 and above is /etc/apache2/sites-available.
We can also install an SSL certificate from the trusted certificate authorities to ensure that the commonly used browsers and clients recognize the certificate. We can make the website to handle the HTTP (
This tutorial is written for the popular Linux distribution Ubuntu. It provides all the steps required to add redirect rules on Ubuntu 18.04 LTS. The steps should be similar for other Linux systems and Ubuntu versions.
Prerequisites
You must meet the below-listed prerequisites on the server to continue with this tutorial.
Ubuntu Server - This tutorial is written for Ubuntu 18.04 LTS, though it can be any other Linux system. The steps should be the same on other systems. You can also follow Complete Guide To Install Ubuntu 18.04 LTS (Bionic Beaver) to install the desktop version of Ubuntu.
Apache Web Server - It assumes that the Apache is already installed on the system and it's configured properly to access the Virtual Host using the domain name. It can be easily done on your local system in case you have a static IP address. You can also follow How To Install Apache 2 On Ubuntu 18.04 LTS to install the Apache Web Server.
Domain - A valid domain properly configured at your domain registrar pointing to your server. I have used example.com in this tutorial for reference. Make to replace it with your own domain.
Apache Modules - As part of this tutorial, also make sure that the appropriate apache modules are enabled as shown below.
# Enable rewrite module
sudo a2enmod rewrite
# Enable SSL module
sudo a2enmod ssl
Firewall - Ports 80 and 443 are open to
Configuration Files
We can add the redirect rules to the configuration files of the Apache Web Server as listed below.
Virtual Host - The Virtual Host is the most important configuration file of a website. We can update this file to add the redirect rules.
.htaccess File - We can also update the site-specific configuration file i.e. .htaccess. We can place the .htaccess file within multiple directories of the same site to define different rules for different directories. The major advantage of using it for redirect rules is that we can add it within the website directory. Most of the hosting agencies do not allow to modify the virtual host of a domain.
There is no difference in the syntax for both the files. The only major difference is that in the virtual host configuration, we can add redirect rules only within the VirtualHost tag. We can add the redirect rules directly to the .htaccess file.
Redirect Options
We can either use the mod_rewrite module or the redirect directive of the mod_alias module to redirect from
The commonly used redirect options with examples using the mod_rewrite module are as shown below.
# Commonly used redirect options
# R - causes a HTTP redirect to be issued to the browser
# L - stop rewrite module from further processing the rule set
# END - prevent subsequent rewrite processing
# NE - prevent conversion of special characters including & and ? to their hexcode equivalent
# Normal Redirect
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# Permanent Redirect
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [L,R=301]
# Permanent Redirect
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
Redirect All
In this section, we will discuss redirecting all the requests from HTTP to HTTPS. The redirect examples mentioned in this section should be the first redirect rules or directive for a website.
It can be done for a specific website using the mod_rewrite module as shown below.
# Redirect HTTP to HTTPS - virtual host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content
<VirtualHost *:80>
....
....
ServerName example.com
ServerAlias www.example.com
....
....
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
# Redirect HTTP to HTTPS - .htaccess
sudo nano /var/www/example.com/.htaccess
# Content
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
In the above mentioned example, the last four lines are required to redirect all the HTTP requests to HTTPS, hence securing the entire site. The first line is enabling the rewrite engine for the virtual host. The second and third lines are the conditions to match the server name from the request URL. The fourth line redirects the request permanently to HTTPS in case the condition in the second line returns true.
We can also achieve the same effect by checking the HTTPS protocol for all the requests as shown below.
# Redirect HTTP to HTTPS - virtual host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content
<VirtualHost *:80>
....
....
ServerName example.com
ServerAlias www.example.com
....
....
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
# Redirect HTTP to HTTPS - .htaccess
sudo nano /var/www/example.com/.htaccess
# Content
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# We can achive the same effect as shown below
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Another way to handle redirect is by checking the host as shown below. It can be used within the .htaccess file.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R=301,L]
We can also have the same effect by simply adding a single redirect directive of the mod_alias module as shown below.
# Redirect HTTP to HTTPS - virtual host
sudo nano /etc/apache2/sites-available/example.com.conf
# Content
<VirtualHost *:80>
....
....
ServerName example.com
ServerAlias www.example.com
....
....
Redirect permanent / https://www.example.com/
</VirtualHost>
# Redirect HTTP to HTTPS - .htaccess
sudo nano /var/www/example.com/.htaccess
# Content
Redirect permanent / https://www.example.com/
This is how we can have a redirect from
Redirect Selected
In this section, we will discuss the examples to redirect only selective URLs to be specific in redirecting the
We can redirect all the requests received for the specified URL pattern using the mod_rewrite module as shown below.
# Redirect all the requests by matching path
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?user/(.*) https://%{SERVER_NAME}/user/$1 [L,R=301]
We can also achieve the same effect by using a single redirect directive of the mod_alias module as shown below.
# Redirect all the requests by matching path
Redirect permanent /user https://www.example.com/user
Summary
This is how we can redirect the requests over the HTTP protocol to the HTTPS protocol.
