Redirecting Apache HTTP to HTTPS

Now that everyone can enjoy and use free SSL certificates from Let’s Encrypt, let’s all encrypt!

To forward HTTP requests to secure HTTPS, there are multiple options.

If you’re using some kind of panel to edit Apache configuration (like ISPConfig) that does not allow to edit the virtual host for HTTP separate from the virtual host for HTTPS, you can use this configuration in both configuration containers:

RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

If you’re able to edit the virtual host for HTTP separately, Apache recommends using “Redirect”: http://httpd.apache.org/docs/current/rewrite/avoid.html#redirect

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

By the way: if you’re using ISPConfig, I can recommend installing the Let’s Encrypt plugin from https://github.com/alexalouit/ISPConfig-letsencrypt. The plugin will be included into the upcoming new version of ISPConfig >3.1.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.