YouTube Icon

Code Playground.

Redirect HTTP to HTTPS in Apache

CFG

Redirect HTTP to HTTPS in Apache

Apache HTTP worker is one of the most well known web workers on the planet. It is an open-source and cross-stage HTTP worker that controls a huge level of the Internet's sites. Apache gives numerous amazing highlights that can be reached out through extra modules. 

In the event that you are a site proprietor or framework executive, odds are that you're managing Apache consistently. One of the most widely recognized undertakings you'll probably perform is diverting the HTTP traffic to the made sure about (HTTPS) rendition of your site. 

In contrast to HTTP, where solicitations and reactions are sent and returned in plaintext, HTTPS utilizes TLS/SSL to encode the correspondence between the customer and the worker. 

There are numerous focal points of utilizing HTTPS over HTTP, for example, 

  • All the information is scrambled in the two ways. Subsequently, delicate data can't be perused whenever blocked. 
  • Google Chrome and all other famous programs will check your site as protected. 
  • HTTPS permits you to utilize the HTTP/2 convention, which fundamentally improves the site execution. 
  • Google favors HTTPS sites. Your site will rank better whenever served through HTTPS. 

This guide covers how to divert the HTTP traffic to HTTPS in Apache. 

There are a few different ways to divert to HTTPS in Apache. In the event that you have root admittance to the Linux worker where Apache runs, the favored route is to set up the redirection in the space's virtual host design record. Else, you can set up the redirection in the space's .htaccess document. 

Some control boards, for example, cPanel permits you to drive HTTPS redirection with a couple of mouse clicks. 

Redirect HTTP to HTTPS using Virtual Host

Apache Virtual Hosts characterizes the settings of at least one spaces facilitated on the worker. In the virtual host mandate, you can indicate the webpage report root (the catalog which contains the site documents), make a different security strategy for each website, utilize distinctive SSL testaments, arrange redirection, and considerably more. 

Commonly when a SSL authentication is introduced on a space, you will have two virtual host mandates for that area. The first for the HTTP adaptation of the site on port 80, and the other for the HTTPS rendition on port 443. 

In Red-Hat based distros, for example, CentOS and Fedora, virtual host documents are put away in the/and so forth/httpd/conf.d. While on Debian and its subordinates like Ubuntu the records are put away in the/and so on/apache2/destinations accessible catalog. 

To divert a site to HTTPS, utilize the Redirect order as appeared in the model underneath: 

<VirtualHost *:80> 
  ServerName example.com
  ServerAlias www.example.com

  Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com

  Protocols h2 http/1.1

  # SSL Configuration

  # Other Apache Configuration

</VirtualHost>

We should clarify the code. We're utilizing have two virtual host mandates, one for HTTP and one for the HTTPS form of the site. 

VirtualHost *:80 - The Apache worker tunes in for approaching associations on port 80 (HTTP) for the predefined area. 

VirtualHost *:443 - The Apache worker tunes in for approaching associations on port 443 (HTTPS) for the predefined area. 

The ServerName and ServerAlias mandates are indicating the virtual host's space names. Ensure you supplant it with your area name. 

The featured line, Redirect perpetual/https://example.com/inside the HTTP virtual host, diverts the traffic to the HTTPS form of the site. 

Commonly you likewise need to divert the HTTPS www adaptation of the site to the non-www or the other way around. Here is a model arrangement: 

<VirtualHost *:80> 
  ServerName example.com
  ServerAlias www.example.com

  Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com

  Protocols h2 http/1.1

  <If "%{HTTP_HOST} == 'www.example.com'">
    Redirect permanent / https://example.com/
  </If>

  # SSL Configuration

  # Other Apache Configuration

</VirtualHost>

The code inside the HTTPS virtual host (the featured lines ) is checking whether the solicitation header contains the www area and sidetracks to the non-www form. 

At whatever point you make changes to the design records you have to restart or reload the Apache administration for changes to produce results: 

Debian and Ubuntu: 

  • sudo systemctl reload apache2
  • CentOS and Fedora:

    sudo systemctl reload httpd

Redirect HTTP to HTTPS using .htaccess

.htaccess is an arrangement record on a for every index reason for the Apache webserver. This record can be utilized to characterize how Apache serves documents from the registry where the document is put and to empower/impair extra highlights. 

For the most part, the .htaccess record is set in the area root index, however you can have other .htaccess documents in the subdirectories. 

This strategy requires the mod_rewrite module to be stacked on the Apache worker. This module is stacked of course on most workers. On the off chance that conceivable, favor making a redirection in the virtual host since it is more straightforward and more secure. 

To divert all HTTP traffic to HTTPS, open the root .htaccess record, and add the accompanying code to it: 

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

Here is the thing that the code implies: 

RewriteEngine On - empowers the Rewrite abilities. 

RewriteCond %{HTTPS} off - checks for HTTP association, and if the condition is met, the following line is executed. 

RewriteRule ^(.*)$ https://example.com/$1 [L,R=301] - divert HTTP to HTTPS with status code 301 (Moved Permanently). Ensure you change the area name. 

The model beneath has an extra condition that checks whether the solicitation starts with www. Use it to drive all guests to utilize the HTTPS non-www variant of the site: 

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]

When altering .htaccess document, you don't have to restart the worker since Apache peruses the record on each solicitation. 

Conclusion

In Apache, the favored method to divert HTTP to HTTPS is to arrange the 301 divert in the space's virtual host. 

In the event that you have any inquiries or criticism, don't hesitate to leave a remark.




CFG