How to redirect http based site to https?

SSL certificates are used to secure our websites. Once we install SSL on our website, we should redirect all our website URL’s to its HTTPS version. There are many ways to redirect http to https.

Redirect HTTP to HTTPS with Apache #

If we are having a user level access in an Apache server, .htaccess file is the better way. Same would work for OpenLiteSpeed also. Have you heard of .htaccess files? A .htaccess file also called Hypertext file, helps us to configure our website without editing server wide configuration. It controls the directory and its sub-directories in which it is placed. Add the following lines in .htaccess file:

RewriteEngine On

RewriteCond %{HTTPS} off

RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If we have access to the Apache main server wide configuration file, edit the virtual host configuration to say below:

<VirtualHost *:80>ServerName www.domain.com

Redirect / https://www.domain.com/

</VirtualHost>

<VirtualHost *:443>

ServerName www.domain.com

 ... SSL configuration goes here

</VirtualHost>

Redirect HTTP to HTTPS with Nginx #

server {

listen 80;

server_name www.domain.com;

return

301 https://$server_name$request_uri;

}

server {

listen 443 ssl;

server_name www.domain.com;

# Add Strict-Transport-Security to prevent Man in the Middle Attacks (HSTS Policy)

add_header Strict-Transport-Security "max-age=31536000" always;

[.…]

}

Man in the Middle Attack is an attack where an attacker secretly interferes the communication between two parties who believe they are communicating with each other. HSTS helps to prevent this attack. Actually HSTS is a web security policy by which the website inform the browsers that it should never load the site using HTTP but only using HTTPS protocol.

While using the above codes, don’t forget to replace “domain.com” with the actual domain name.

The SSL certificate installation is now completed, and our website is configured to accept secure connections.

Powered by BetterDocs