281

I am trying to set up automatic redirection from HTTP to HTTPS:

From manage.mydomain.com --- To ---> https://manage.mydomain.com

I have tried adding the following to my httpd.conf file, but it didn't work:

RewriteEngine on
   ReWriteCond %{SERVER_PORT} !^443$
   RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]

How can I fix it?

Environment: CentOS with Apache

Improve this question
0

13 Answers 13

Reset to default
321

I have actually followed this example and it worked for me :)

NameVirtualHost *:80
<VirtualHost *:80>
    ServerName mysite.example.com
    Redirect permanent / https://mysite.example.com/
</VirtualHost>

<VirtualHost _default_:443>
    ServerName mysite.example.com
    DocumentRoot /usr/local/apache2/htdocs
    SSLEngine On
    # etc...
</VirtualHost>

Then do:

/etc/init.d/httpd restart
Improve this answer
Sign up to request clarification or add additional context in comments.

14 Comments

Note that this is only available if you have access to the VirtualHost file. It is the recommended method.
After changing this on httpd.conf, restart apache web server. so that it will reflect and clear your browser cache too.
I would like to report that this method didn't work for me with Ubuntu 12.4, however the proposed RewriteEngine answer did the trick.
do you have to do a restart? a reload is much less destructive and will bring in the new config file. /etc/init.d/httpd reload || service httpd reload
since the purpose was to redirect it to the ssl mode, the line DocumentRoot /usr/local/apache2/htdocs is no longer needed
|
240

Use:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}

Apache Redirect HTTP to HTTPS using mod_rewrite

or

Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Improve this answer

13 Comments

This is a better solution than the approved one, because it works even if you are behind an SSL offloader like Pound or BigIP. Those offloader will often pass all the traffic onto the same port,and the approved solution won't work in that specific case
@spiritoo Not so. The Apache docs specifically say that this is one of those situations where you should not use mod_rewrite and should rather use Redirect: httpd.apache.org/docs/2.4/rewrite/avoid.html
@LukeMadhanga Apache docrecommands using Redirect for performance. But still, the RewriteEngine solution is better, in the sense of more generic, because it works even in the case I described (offloading). The goal of my comment is to provide every user the key to choose between the two answers. Some people want generic procedures (big corps), others want performance... it's a free choice.
This is great, however, if you want to make it greater then add this [R=302,L,QSA] so any parameters are also passed to the secure page. It should look like: %{REQUEST_URI} [R=302,L,QSA]
@SvetoslavMarinov This comment implies, "that [QSA] is automatically added when [R] is used in this context and no ? is present in the rewritten URL so it's superfluous here".
|
147

I searched for apache redirect http to https and landed here. This is what I did on Ubuntu:

  1. Enable modules.

    sudo a2enmod rewrite
sudo a2enmod ssl

  2. Edit your site configuration.

    Edit file:

    /etc/apache2/sites-available/000-default.conf

    The content should be:

    <VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile    <path to your certificate file>
    SSLCertificateKeyFile   <path to your private key file>

    # Rest of your site configuration
    # ...
</VirtualHost>

    Note that the SSL module requires a certificate. You will need to specify an existing one (if you bought one) or to generate a self-signed certificate by yourself.

  3. Restart Apache

    sudo service apache2 restart
Improve this answer

4 Comments

For ip address redirect myipaddress to myipaddress worked. Thanks.
This solution is much more robust when you have some nonstandard config. Thanks!
This solution works for me (Apache/2.4.41 + Ubuntu 20.04.3) but I get HTTP status code 302. How to get status code 301?
Works fine on Debian 11, thanks.
19

Using mod_rewrite is not the recommended way. Instead, use a virtual host and redirect.

In case if you are inclined to do using mod_rewrite:

RewriteEngine On
# This will enable the Rewrite capabilities

RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same 
location but using HTTPS.
# I.e., http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in
# httpd.conf or .htaccess context

Reference: Httpd Wiki - RewriteHTTPToHTTPS

If you are looking for a 301 Permanent Redirect, then the redirect flag should be as,

 R=301

so the RewriteRule will be like,

RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
Improve this answer

Comments

17

I needed this for something as simple as redirecting all HTTP traffic from the default Apache home page on my server to one served over HTTPS.

Since I'm still quite green when it comes to configuring Apache, I prefer to avoid using mod_rewrite directly and instead went for something simpler like this:

<VirtualHost *:80>
  <Location "/">
     Redirect permanent "https://%{HTTP_HOST}%{REQUEST_URI}"
  </Location>
</VirtualHost>

<VirtualHost *:443>
  DocumentRoot "/var/www/html"
  SSLEngine on
  ...
</VirtualHost>

I like this because it allowed me to use Apache variables. That way, I didn't have to specify the actual host name since it's just an IP address without an associated domain name.

References: Using RedirectMatch with HTTP_HOST in the destination

Improve this answer

6 Comments

I got this: ERR_INVALID_REDIRECT. seems that parameters are not defined here.
Worked for me and was exactly what I was looking for as I did not want to use ModRewrite with Apache 2.4.38. The only difference is, that I used <Location /> as the quotes are not needed there. (Not tested with the quotes.)
I got ERR_INVALID_REDIRECT as well because it redirects to the litteral string https://%{HTTP_HOST}%{REQUEST_URI}.
@bfontaine are you running your apache server behind a proxy? If HTTP_HOST is not being expanded, then it's likely due to the server not seeing the Host: header in the request
Attention: I recommend using SERVER_NAME instead of HTTP_HOST in case you have more than one virtual host! Otherwise you rewrite with the IP and loose the query hostname. Spent a couple of hours trying to figure out why apache was calling the wrong host...
|
13

Actually, your topic is belongs on Server Fault, but you can still try to check these .htaccess directives:

RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^(.*) https://%{HTTP_HOST}/$1
Improve this answer

Comments

11

If you have Apache 2.4, check file 000-default.conf. Remove DocumentRoot and add:

Redirect permanent / https://[your-domain]/
Improve this answer

Comments

7

Server version: Apache 2.4.29 (Ubuntu)

After a long search on the web and in the official documentation of Apache HTTP Server, the only solution that worked for me came from /usr/share/doc/apache2/README.Debian.gz

To enable SSL, type (as user root):

a2ensite default-ssl
a2enmod ssl

In the file /etc/apache2/sites-available/000-default.conf, add the

Redirect "/" "https://sub.domain.com/"

<VirtualHost *:80>

    #ServerName www.example.com
    DocumentRoot /var/www/owncloud
    Redirect "/" "https://sub.domain.com/"

That's it.

P.S: If you want to read the manual without extracting:

gunzip -cd /usr/share/doc/apache2/README.Debian.gz
Improve this answer

2 Comments

Or marginally less typing and easier to rememeber; read the readme without extracting: zcat /usr/share/doc/apache2/README.Debian.gz
@JeremyDavis Yeah, or maybe even use zless /usr/share/doc/apache2/README.Debian.gz (instead of zcat) so you can scroll through it without printing it all into the terminal session.
6

This code work for me.

<VirtualHost *:80>

    # ---------- Port 80 ----------
    RewriteEngine on
    # Redirect http non-www to https www
    RewriteCond %{HTTPS} off
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]

    # Redirect http www to https www
    RewriteCond %{HTTPS} off
    RewriteCond %{SERVER_NAME} =www.example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<VirtualHost *:443>

    # ---------- Port 443 ----------
    RewriteEngine on
    # Redirect https non-www to https www
    RewriteCond %{SERVER_NAME} !^www\.(.*)$ [NC]
    RewriteRule ^ https://www.%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>
Improve this answer

Comments

5

For me, this worked:

RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
Improve this answer

Comments

4

Please try this one in Apache's Virtualhosting configuration and then reload the Apache service:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI}
Improve this answer

Comments

3

This worked for me:

RewriteCond %{HTTPS} =off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [QSA,L,R=301]
Improve this answer

Comments

1

This specific issue is covered in the Apache documentation here. Use an Apache configuration modeled on the one in the excerpt below (typically, you'll want to name the file something like com.example.www.conf).

To redirect http URLs to https, do the following:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>
Improve this answer

6 Comments

I don't understand why this answer was downvoted. I'm interested to know why, I'm willing to delete the answer if it can be explained why I shouldn't have posted it.
The answer is throwing a reference, copying some documentation, and is *** *** unspecific *** **** (for instance, what is the issue?), without explaining the gist of it. It is somewhat equivalent to a code dump. If the link breaks, it is essentially a "try this" answer. From the Help Center: "...always explain why the solution you're presenting is appropriate and how it works".
@PeterMortensen The issue is "How can I automatically redirect HTTP to HTTPS on Apache servers?", and the quoted config setting is specifically addressing that: "To redirect http URLs to https...". If the link breaks, someone can switch it to an archive.org version of the link (something I frequently do for old answers where the link has broken). I don't see how the second link you added is at all related, as I'm not passing off someone else's written-up blog-post-style explanation as my own. The format of my answer is basically the same of that of the top-voted answer.
@PeterMortensen I've added a sentence explaining where the excerpt should be placed, in case that's not clear.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.