86

On my apache server I'd like to be able to redirect all incoming http requests to the equivalent https request. The catch is that I'd like to be able to do this for my default virtual host without specifying the ServerName and have the redirect work with whatever server name appeared in the request url. I'm hoping for something like this:

NameVirtualHost *:80
<VirtualHost *:80>
    RedirectPermanent / https://%{SERVER_NAME}/
    ...
</VirtualHost>

Is this possible using Redirect or will I have to resort to Rewrite?

highlycaffeinated
  • 19,729
  • 9
  • 60
  • 91

5 Answers5

125

Try adding this in your vhost config:

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • * You may need to add mod_rewrite. For ubuntu or debian-based hosts, the following would work: `sudo a2enmod rewrite` which would stop any configtest / apache2 configuration errors. (Which a stock setup would receive, provided you use the vhost additions provided above) – Joseph Orlando Nov 12 '14 at 05:28
  • this works only for the main domain (e.g `http://mywebiste.com` -> `https://mywebiste.com`) what if i've also subdomaind (`http://blog.mywebiste.com`->`https://blog.mywebiste.com`) ? – EsseTi Mar 13 '16 at 14:36
  • 19
    You may have to add **RewriteCond %{HTTPS} off** after **RewriteEngine On** otherwise you may get a **ERR_TOO_MANY_REDIRECTS** – Max S. Mar 24 '16 at 14:42
  • 1
    Small typo. A slash is missing, the rewriteRule should be `https://%{HTTP_HOST}/$1 [R=301,L]` – Dunatotatos Apr 12 '18 at 14:50
  • 1
    @Dunatotatos in the vhost, the URI contains a leading `/`, but in an htaccess file, the `/` prefix is removed. If the rule was in an htaccess file, we'd indeed need a `/` before the `$1` – Jon Lin Apr 12 '18 at 15:26
87

Both works fine. But according to the Apache docs you should avoid using mod_rewrite for simple redirections, and use Redirect instead. So according to them, you should preferably do:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

The first / after Redirect is the url, the second part is where it should be redirected.

You can also use it to redirect URLs to a subdomain: Redirect /one/ http://one.example.com/

JuanMoreno
  • 2,498
  • 1
  • 25
  • 34
orszaczky
  • 13,301
  • 8
  • 47
  • 54
  • 55
    This doesn't answer **Without specifying the ServerName** part of the question – Zam Sunk Mar 31 '16 at 14:52
  • 1
    This works for my setup. Also don't forget the trailing slash or it won't redirect with subfolders properly – vdidxho Dec 22 '18 at 20:44
  • Thanks, very helpful and much less complex. – kiwicomb123 Mar 17 '19 at 23:34
  • If you want to redirect https://example.com to https://www.example.com, don't forget to put the SSL configuration into VirtualHost: ServerName example.com SSLEngine on SSLCertificateFile ... SSLCertificateKeyFile ... Redirect permanent / https://www.example.com/ or it will redirect via default 443 virtualhost with not correct SSL certificate. Also don't forget the trailing slash or it won't redirect with subfolders properly (as vdidxho mantioned.) – David Najman Aug 06 '19 at 13:05
38

This is the complete way to omit unneeded redirects, too ;)

These rules are intended to be used in .htaccess files, as a RewriteRule in a *:80 VirtualHost entry needs no Conditions.

RewriteEngine on
RewriteCond %{HTTPS} off [OR] 
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]

Eplanations:

RewriteEngine on

==> enable the engine at all

RewriteCond %{HTTPS} off [OR]

==> match on non-https connections, or (not setting [OR] would cause an implicit AND !)

RewriteCond %{HTTP:X-Forwarded-Proto} !https

==> match on forwarded connections (proxy, loadbalancer, etc.) without https

RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R=301,L]

==> if one of both Conditions match, do the rewrite of the whole URL, sending a 301 to have this 'learned' by the client (some do, some don't) and the L for the last rule.

Jimmy Koerting
  • 1,231
  • 1
  • 14
  • 27
  • Another problem, your `RewriteRule` will probably never match; pretty sure you want to drop the slash: `RewriteRule ^(.*) …` – Mark Fox Dec 02 '13 at 08:30
  • Pretty sure I won't. You missed the / syntax of the target including the 'L' flag. The other way is doing it like Jon Lin. – Jimmy Koerting Dec 02 '13 at 17:55
  • 11
    The RewriteCond is completely superfluous in this case; since the VirtualHost is already defined as ``, `%{SERVER_PORT}` will never be 443 in the first place so the condition will always match. – Doktor J May 30 '14 at 16:34
  • 1
    * You may need to add mod_rewrite. For ubuntu or debian-based hosts, the following would work: `sudo a2enmod rewrite` which would stop any configtest / apache2 configuration errors. (Which a stock setup would receive, provided you use the vhost additions provided above) – Joseph Orlando Nov 12 '14 at 05:29
0

In my case, for http://jaimemontoya.com to redirect to https://jaimemontoya.com, I went to /etc/apache2/sites-available/jaimemontoya.com.conf and added these two lines:

RewriteEngine On
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]

The final version of /etc/apache2/sites-available/jaimemontoya.com.conf became this:

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName jaimemontoya.com
    ServerAlias www.jaimemontoya.com
    DocumentRoot /var/www/jaimemontoya.com
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

Finally, I restarted Apache:

# service apache2 restart

Then all visits to http://jaimemontoya.com redirect visitors to https://jaimemontoya.com.

Jaime Montoya
  • 6,915
  • 14
  • 67
  • 103
-1

I have use mkcert to create infinites *.dev.net subdomains & localhost with valid HTTPS/SSL certs (Windows 10 XAMPP & Linux Debian 10 Apache2)

I create the certs on Windows with mkcert v1.4.0 (execute CMD as Administrator):

mkcert -install
mkcert localhost "*.dev.net"

This create in Windows 10 this files (I will install it first in Windows 10 XAMPP)

localhost+1.pem
localhost+1-key.pem

Overwrite the XAMPP default certs:

copy "localhost+1.pem" C:\xampp\apache\conf\ssl.crt\server.crt
copy "localhost+1-key.pem"  C:\xampp\apache\conf\ssl.key\server.key

Now, in Apache2 for Debian 10, activate SSL & vhost_alias

a2enmod vhosts_alias
a2enmod ssl
a2ensite default-ssl
systemctl restart apache2

For vhost_alias add this Apache2 config:

nano /etc/apache2/sites-available/999-vhosts_alias.conf

With this content:

<VirtualHost *:80>
   UseCanonicalName Off
   ServerAlias *.dev.net
   VirtualDocumentRoot "/var/www/html/%0/"
</VirtualHost>

Add the site:

a2ensite 999-vhosts_alias

Copy the certs to /root/mkcert by SSH and let overwrite the Debian ones:

systemctl stop apache2

mv /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem.bak
mv /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key.bak

cp "localhost+1.pem" /etc/ssl/certs/ssl-cert-snakeoil.pem
cp "localhost+1-key.pem" /etc/ssl/private/ssl-cert-snakeoil.key

chown root:ssl-cert /etc/ssl/private/ssl-cert-snakeoil.key
chmod 640 /etc/ssl/private/ssl-cert-snakeoil.key

systemctl start apache2

Edit the SSL config

nano /etc/apache2/sites-enabled/default-ssl.conf

At the start edit the file with this content:

<IfModule mod_ssl.c>
    <VirtualHost *:443>

            UseCanonicalName Off
            ServerAlias *.dev.net
            ServerAdmin webmaster@localhost

            # DocumentRoot /var/www/html/
            VirtualDocumentRoot /var/www/html/%0/

...

Last restart:

systemctl restart apache2

NOTE: don´t forget to create the folders for your subdomains in /var/www/html/

/var/www/html/subdomain1.dev.net
/var/www/html/subdomain2.dev.net
/var/www/html/subdomain3.dev.net
davidjimenez75
  • 45
  • 3
  • 1
    This has nothing to do with the question. OP asked about redirecting http traffic to https, not creating and installing certificates. – Tejes Sep 20 '22 at 09:34