How to Redirect HTTP to HTTPS on Apache

HTTP (Hyper Text Transfer Protocol) is a popular as well as the fundamental protocol for data communication on the World Wide Web (WWW); typically between a web browser and the server which stores web files. Whereas HTTPS is the secure version of HTTP, where the ‘S‘ at the end stands for ‘Secure‘.

Using HTTPS, all data between your browser and the web server are encrypted thus secure. This tutorial will show you how to redirect HTTP to HTTPS on Apache HTTP server in Linux.

Before you can set up an Apache HTTP to HTTPS redirect for your domain, make sure you have SSL certificate installed and mod_rewrite is enabled in Apache. For more information on how to setup SSL on Apache, see following guides.

  1. How to Create Self-Signed SSL Certificates and Keys for Apache
  2. How to Install Let’s Encrypt SSL Certificate on CentOS/RHEL 7
  3. How to Install Let’s Encrypt SSL Certificate on Debian/Ubuntu

Redirect HTTP to HTTPS on Apache Using .htaccess File

For this method, make sure mod_rewrite is enabled, otherwise enable it like this on Ubuntu/Debian systems.

$ sudo a2enmod rewrite [Ubuntu/Debian]

For CentOS/RHEL users, ensure that your have the following line in httpd.conf (mod_rewrite support – enabled by default).

LoadModule rewrite_module modules/

Now you just need to edit or create .htaccess file in your domain root directory and add these lines to redirect http to https.

RewriteEngine On RewriteCond %{HTTPS} !=on RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] 

Now, when a visitor types the server will automatically redirect HTTP to HTTPS

Redirect HTTP to HTTPS on Apache Virtual Host

Additionally, to force all web traffic to use HTTPS, you can also configure your virtual host file. Normally, there are two important sections of a virtual host configurations if an SSL certificate is enabled; the first contains configurations for the non-secure port 80.

The second is for the secure port 443. To redirect HTTP to HTTPS for all the pages of your website, first open the appropriate virtual host file. Then modify it by adding the configuration below.

NameVirtualHost *:80
<VirtualHost *:80>
Redirect /
<VirtualHost _default_:443>
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
# etc...

Save and close the file, then restart the HTTP sever like this.

$ sudo systemctl restart apache2 [Ubuntu/Debian]
$ sudo systemctl restart httpd [RHEL/CentOS]

While the <VirtualHost> is the most recommended solution because it is simpler and safer.

You may like to read these useful assortment of Apache HTTP server security hardening articles:

  1. 25 Useful Apache ‘.htaccess’ Tricks to Secure and Customize Websites
  2. How to Password Protect Web Directories in Apache Using .htaccess File
  3. How to Hide Apache Version Number and Other Sensitive Info
  4. Protect Apache Against Brute Force or DDoS Attacks Using Mod_Security and Mod_evasive

That’s all! To share any thoughts concerning this guide, make use of the feedback form below. And remember to always stay connected to

Posted by Web Monkey