How to Redirect HTTP to HTTPS?

Updated on December 9, 2021

It is not enough to secure a website with an SSL certificate; you must also implement HTTPS redirection to direct visitors from an unsecured HTTP to a secured HTTPS version.

This KB will go through how to redirect from HTTP to HTTPS, what HTTP and HTTPS are, and why redirects are necessary.

Table of Content:

  1. What are HTTP and HTTPS?
  2. Importance of HTTPS
  3. Redirect to HTTPS

1) What is HTTP and HTTPS?

HTTP – No Data Encryption: Every URL begins with HTTP, which stands for “Hypertext Transfer Protocol.” This network protocol standard enables web browsers and servers to communicate with one another.

HTTP requests a connection, which your web browser delivers to the server, and revert back by opening the page. Unfortunately, HTTP can be intercepted and potentially manipulated, exposing both sender and receiver information.

HTTPS – Encrypted Connection: HTTPS is also called “Hypertext Transfer Protocol,” but it is supported by Transport Layer Security (TLS) and inheritor of Secure Sockets Layer (SSL).

The “S” in HTTPS is the abbreviation of “Secure,” an encrypted connection between a web server and a browser. TLS not only encrypts data sent between the server and browser but also authenticates the server you’re connecting to and protects that data from being tampered with.

Any information you put into the site, such as username/password, credit card, or bank information, will be sent in text format and thus vulnerable to interception if HTTPS is not used. Before entering any information, make sure that the site is using HTTPS.

2) Importance of HTTPS

The apparent benefits of using HTTPS include authenticating the server, encrypting data delivery, and preventing exchanges from hacking. Visitors must trust your website, especially if they are providing you financial information, and using HTTPS is a way to prove to them that any information they provide on the website will be secure, private & encrypted.

HTTPS uses an SSL or TLS Digital Certificate to encrypt communication between the server and the client. As a result, even if you enter HTTP://, it will redirect to https over a secure connection. In most circumstances, HTTPS-enabled sites will have a redirect in place.

Google has also announced back in 2014 that sites that use HTTPS will have an edge over unsecured sites.. Along with all of the SEO benefits , HTTPS is a clear sign to build credibility among your website visitors and search engines of course.. Hence, HTTPS is ideal not just for security but also for referred data.

HTTP/2, which provides browser upgrades over conventional HTTP, is supported by the majority of browsers. Users will benefit from quicker surfing speeds as well as data encryption when HTTPS is enabled.

3) Redirect to HTTPS

SSL must be installed on your website before proceeding to redirect from HTTP to HTTPS.

To install the SSL, Devrims offers FREE Let’s Encrypt SSL Certificate. Install an unlimited number of free Let’s Encrypt SSL certificates in 1-click for each of your domains to protect your domain while increasing your website’s reputation.

Note: We have a knowledge base article on How to install free SSL certificate on your application.

This step will show the steps via the command line for LAMP stack and LEMP stack.

LAMP STACK:

Navigate to the application webroot folder
  • Open and edit the .htaccess file.
  • Add the below rule in the top line before # BEGIN WordPress.
Open and edit the .htaccess file.
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
  • Save and exit the .htaccess file.

Note: Must restart the Apache. Below is the screenshot for your reference. 

Must restart the Apache

LEMP STACK:

Navigate to the application webroot
  • Open and edit the nginx.conf file.
  • Add the below rule in the top line.
if ($server_port = 80 ) {
return 301 https://$host$request_uri;
}
Open and edit the nginx.conf file.

Note: Must restart the Nginx. Below is the screenshot for your reference. 

Must restart the Nginx.

Now visit your website with HTTP, you’ll see that all of your requests will be served via HTTPS. 

Need More Help!

Type in your question at the knowledge base website or comment below

Leave a Comment

Your email address will not be published. Required fields are marked *