0

How can I force HTTPS on my website? I tried the solution from this answer, but for some reason I get redirected to the parent directory when I visit the index page by clicking on a link (it worked fine before adding those lines of code in .htaccess). Also, when I try to visit my website using HTTP, it lets me do it. What am I missing?

sgrontflix
  • 91
  • 1
  • 9
  • 2
    Sounds like you have an issue with how a trailing or missing trailing slash is handled by a) that answer and b) your setup. – arkascha Jun 06 '17 at 16:25
  • 1
    Add the contents of your `.htaccess` file to your question. "I get redirected to the parent directory when I visit the index page" / "when I try to visit my website using HTTP, it lets me do it" - do you get redirected or not? – MrWhite Jun 06 '17 at 16:55

1 Answers1

1

With Apache, you have several alternatives - including .htaccess.

Look here:

Per the documentation, your best bet is to use a Redirect directive inside the non-secureVirtualHost:

NameVirtualHost *:80
<VirtualHost *:80>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   Redirect permanent /secure https://mysite.example.com/secure
</VirtualHost>

<VirtualHost _default_:443>
   ServerName mysite.example.com
   DocumentRoot /usr/local/apache2/htdocs
   SSLEngine On
# etc...
</VirtualHost>

Here is an .htaccess example, from the same link:

 Redirect permanent /login https://mysite.example.com/login

Finally, look here for additional troubleshooting tips (for example, forgetting 'NameVirtualHost *:443' to enable Named virtual hosting for port 443):

Why might Apache ignore a virtual host with a ServerName matching the requested URL?

paulsm4
  • 114,292
  • 17
  • 138
  • 190
  • If I use `Redirect permanent /login https://mysite.example.com/login`, it gives me this error: `ERR_TOO_MANY_REDIRECTS`. Also, I'm using altervista.org to host my website, so I don't know where the exact files are located at. – sgrontflix Jun 06 '17 at 16:40
  • Not sure why that article appears to suggest using `Redirect` in `.htaccess` to perform the HTTP to HTTPS redirect - that will indeed result in a redirect loop (unless the destination URL is a different server, which is unlikely)?! (Yes, `Redirect` can be used in `.htaccess`, but not for this purpose.) If you are doing this in `.htaccess` then you will _need_ to use mod_rewrite as you will _need_ to be able to check whether the current request is HTTP or already HTTPS. – MrWhite Jun 06 '17 at 17:06
  • @user82217 I followed the second example from [this](https://wiki.apache.org/httpd/RewriteHTTPToHTTPS) link, but it doesn't seem to work either. Any suggestions? – sgrontflix Jun 06 '17 at 19:11