It is not enough to secure a website with an SSL certificate; you must also implement HTTPS redirection to direct visitors from the unsecured HTTP version to the secured HTTPS version.
This KB will go through how to redirect from HTTP to HTTPS, what HTTP and HTTPS are, and why redirects are necessary.
1) What is HTTP and HTTPS?
HTTP – No Data Encryption: Every URL begins with HTTP, which stands for “Hypertext Transfer Protocol.” This network protocol standard enables web browsers and servers to communicate with one another.
Your web browser sends an HTTP request to the server, and the server responds by returning the page. Unfortunately, HTTP traffic can be intercepted and potentially manipulated, exposing both sender and receiver information.
HTTPS – Encrypted Connection: HTTPS is the same “Hypertext Transfer Protocol,” but it is carried over Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL).
The “S” in HTTPS stands for “Secure”: an encrypted connection between a web server and a browser. TLS not only encrypts data sent between the server and browser but also authenticates the server you’re connecting to and protects that data from being tampered with.
Any information you put into the site, such as username/password, credit card, or bank information, will be sent in plain text and is thus vulnerable to interception if HTTPS is not used. Before entering any information, make sure that the site is using HTTPS.
2) Importance of HTTPS
The apparent benefits of using HTTPS include authenticating the server, encrypting data in transit, and protecting exchanges from tampering. Visitors must trust your website, especially if they are providing you with financial information, and using HTTPS is a way to show them that any information they provide on the website will be secure, private, and encrypted.
HTTPS uses an SSL or TLS digital certificate to encrypt communication between the server and the client. When a redirect is in place, even if you enter http://, the site will redirect to https over a secure connection. In most circumstances, HTTPS-enabled sites will have a redirect in place.
Google also announced back in 2014 that sites that use HTTPS will have an edge over unsecured sites. Along with the SEO benefits, HTTPS is a clear way to build credibility with your website visitors and, of course, search engines. Hence, HTTPS is ideal not just for security but also for referral data.
HTTP/2, which provides improvements over conventional HTTP, is supported by the majority of browsers. Users will benefit from quicker surfing speeds as well as data encryption when HTTPS is enabled.
3) Redirect to HTTPS
An SSL certificate must be installed on your website before you redirect from HTTP to HTTPS.
Devrims offers a free Let’s Encrypt SSL certificate. Install an unlimited number of free Let’s Encrypt SSL certificates in one click for each of your domains to protect your domain while increasing your website’s reputation.
Note: We have a knowledge base article on How to install free SSL certificate on your application.
This section shows the steps via the command line for the LAMP stack and the LEMP stack.
LAMP STACK:
- Connect to your application via SSH using Master User or Application SSH Credentials; see How to connect your application via SSH and SFTP.
- Navigate to the application webroot, i.e., public_html folder.
- Open and edit the .htaccess file.
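- Add the rule below at the top of the file, before the # BEGIN WordPress line.
# Redirect to HTTPS unless the front-end proxy reports that the request already arrived over HTTPS
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]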
- Save and exit the .htaccess file.
Note: You must restart Apache.
LEMP STACK:
- Connect to your application via SSH using Master User or Application SSH Credentials; see How to connect your application via SSH and SFTP.
- Navigate to the application webroot, i.e., public_html folder.
- Open and edit the nginx.conf file.
- Add the rule below at the top of the file.
# Permanently redirect plain-HTTP requests (port 80) to the same host and URI over HTTPS
if ($server_port = 80) {
    return 301 https://$host$request_uri;
}
Note: You must restart Nginx.
Now visit your website over HTTP; you’ll see that all of your requests are served via HTTPS.
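
To confirm the result of either rule without a browser, the following added example (not part of the original article or Devrims tooling) checks that a plain-HTTP request is answered with a 301 to the same host, path and query on HTTPS. The function names `evaluate_redirect` and `fetch_redirect` are hypothetical, and the example.com responses are constructed samples.

```python
"""Check that an HTTP request is answered with a 301 redirect to the same URL on HTTPS."""
import http.client
from urllib.parse import urlsplit


def evaluate_redirect(request_url, status, location):
    """Return a list of problems; an empty list means the redirect is correct."""
    problems = []
    if status != 301:
        problems.append(f"status is {status}, expected 301 (permanent redirect)")
    if not location:
        problems.append("no Location header in the response")
        return problems
    req, loc = urlsplit(request_url), urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"Location scheme is {loc.scheme or 'missing'}, expected https")
    if loc.hostname != req.hostname:  # .hostname is lower-cased by urlsplit
        problems.append(f"host changed from {req.hostname} to {loc.hostname}")
    if (loc.path or "/") != (req.path or "/") or loc.query != req.query:
        problems.append("path or query string not preserved")
    return problems


def fetch_redirect(request_url, timeout=5):
    """Send one plain-HTTP HEAD request and return (status, Location) without following it."""
    u = urlsplit(request_url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("HEAD", (u.path or "/") + ("?" + u.query if u.query else ""))
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("http://example.com/shop?item=1", 301, "https://example.com/shop?item=1"),
    ("http://example.com/shop?item=1", 302, "https://example.com/shop?item=1"),
    ("http://example.com/shop?item=1", 301, "http://example.com/shop?item=1"),
    ("http://example.com/shop?item=1", 200, None),
]

if __name__ == "__main__":
    for url, status, location in SAMPLES:
        problems = evaluate_redirect(url, status, location)
        print(url, status, location, "->", "OK" if not problems else "; ".join(problems))
    # Against a live site: print(evaluate_redirect(url, *fetch_redirect(url)))
```

Run it as a script to see the verdict for each constructed sample; for your own site, pass the output of `fetch_redirect` to `evaluate_redirect` as shown in the final comment.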