301 Redirect: all HTTP requests to HTTPS

I’m trying to redirect all insecure HTTP based requests on my site (http://www.example.com) to HTTPS (https://www.example.com). My page uses PHP,  how can I do this redirect usig .htaccess with Apache web server?

That was the question made by one customer earlier this week. First things first: the redirection from HTTP to HTTPS is done at web server level, altough it can be done using PHP, no PHP is involved at all in this solution.

Redirect HTTP requests to HTTPS Step by Step

We will now create a full HTTP .htaccess redirect to HTTPS. A http based redirection is way better than a PHP-based redirect, in fact, hardcoded redirections is not a good practice at all and should always be avoided.

The key point here for the redirection is the web server. Each time you visit a website the first thing that answers your query is the web server, and is the best one to handle redirects, before even any code is executed in the background.

Setting up a SSL Certificate is now more easy than ever with the new adoption of Free Let’s Encrypt SSL digital certificates, as we’ve covered before on a few tutorials like enabling autossl on cPanel, or installing let’s encrypt on CentOS servers.

After installing your own SSL certificate, you should always create a 301 redirect in order to avoid duplicate content issues, this is good for both things: avoid penalties to your site by Google, and also to enforce users to use your HTTPS based version.

In order to redirect all HTTP requests to HTTPS we will place this code inside your .htaccess file in your root directory:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.dominio.com//$1 [R,L]
</IfModule>

If you are using Nginx web server, you can use the following code inside your vhost configuration:

server {
listen 80;
listen [::]:80;
server_name dominio.com www.dominio.com;
return 301 https://dominio.com$request_uri;
}

After that, restart Nginx to apply changes:

service nginx reload

Test your .htaccess 301 redirect from http to https

The simple way to test this is to clear your browser cache, then just browse your old URL using http:

http://www.yoursite.com

This should redirect to: https://www.yoursite.com

Another way to test it is using CURL from your local terminal (only for Linux and Mac users):

curl -I http://www.yoursite.com

As you see on the next image, your request should be redirected right to the https version, for both things, the root domain, and all the rest of the URLs.

HTTP requests to HTTPS redirection working perfectly

That’s all, at this point your HTTP to HTTPS 301 redirect should be working.

About the Author: Martin Keler

Leave a Reply

Your email address will not be published. Required fields are marked *