Thursday, April 17, 2014

Apache: How To Redirect http to https

If you want to direct traffic from your http so that it gets encrypted, this is really easy to do in Apache:

Step one: Set up your https vhost:

<IfModule mod_ssl.c>
DocumentRoot /var/www
# other server options go here as needed
# - logging for example
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.cert
SSLCertificateKeyFile /etc/ssl/private/example.key
# Add other SSL specific options as needed</pre>

Step two: Set up your http vhost:

RedirectPermanent /

We have previously posted more information on enabling SSL in Apache.

Obviously, instead of and you'll have to use your own IP and hostname, whatever they may be.

Note that this will redirect everything from http to https. Finer control is possible, for example you could do:

RedirectPermanent /secure/

Or you could use RewriteRules for even more control. However, in the age of mass surveillance and constant threats from hackers, a general redirect to https is a good idea.


  1. Hi, I've had problem because I only bought cert for non www for example so when client entered will cause problem. They will not redirected to So here's the fix:

    NameVirtualHost *:80

    RedirectPermanent /

    Thought I could share here. Thanks again.

  2. Yup, (without a preceding hostname) and are unique and would require different certificates. - without a prefix - would also not be covered by a * wildcard certificate, which is counter-intuitive to a lot of people. Thanks for your comment, passerby!

  3. Just want to let the readers know that they must include the bracket angle and slash. Wordpress is filtering html code so they must edit accordingly. Thanks