How to Redirect HTTP to HTTPS

redirect http to https

The adoption of HTTPS has been growing rapidly, especially with the recent release of free SSL certificates via Let’s Encrypt. In fact, as of June 22, 2016, Let’s Encrypt has issued more than 5 million certificates in total with approximately 3.8 million of them currently activele certs issued june 22 2016

As it stands at the time of writing this article, 45% of page loads on the web are using HTTPS to deliver content. Migrating to HTTPS is becoming easier and cheaper to do, which is a contributing factor to why its adoption rate is growing. However, what exactly are the benefits of using HTTPS over HTTP?

Benefits of Redirecting HTTP to HTTPS

Apart from the security benefits that SSL certificates provide, there are also multiple additional benefits to delivering content over HTTPS as opposed to HTTP, these include:

  • Performance Benefits – Since browsers currently only support HTTP/2 over HTTPS, you can take advantage of the performance benefits that exists from using the new HTTP/2 protocol. Features of HTTP/2 include: it is fully multiplexed, uses header compression, one connection for parallelism, etc.
  • SEO Rankings – Google announced back in 2014 that they would be using HTTPS as a ranking signal. This means that if your site is delivering content over HTTPS you will receive a slight boost in the Google SERPs.
  • Building Trust – Apart from performance, security, and SEO rankings, using HTTPS simply helps build the trust of visitors. It is important to establish a certain level of trust with your website visitors to let them know that their data is safe when browsing / using your website or web-based service.

How to Redirect HTTP to HTTPS

The following sections explain how to redirect HTTP to HTTPS using various web servers. Depending upon the web server you’re using, simply implement the specific HTTP to HTTPS redirection rules that apply to your setup. It is assumed that you have already installed an SSL certificate on your origin server and that your assets are accessible over HTTPS when visiting them directly. In case, you don’t already have an SSL certificate, read our How to order a SSL certificate guide.

Nginx

If you’re using Nginx, add the following snippet to your configuration file. Remember to replace domain.com with your actual domain name.

server {
listen 80;
server_name domain.com www.domain.com;
return 301 https://domain.com$request_uri;
}

Save these changes, and reload Nginx with the following command: service nginx reload. Now, test your site to ensure that the redirect is working properly. Try visiting the HTTP version such as http://domain.com and verify that it properly redirects you to the https:// protocol.

Apache

Alternatively, if you are using an Apache web server, you can redirect HTTP to HTTPS via the .htaccess file. This method can also be used on other web servers if you are using an .htaccess file (e.g. WordPress CMS).

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Add the snippet above to the top of your .htaccess file and save your changes. Then, to ensure the .htaccess rules are properly configured, test the http:// version of your domain to ensure that it is properly 301 redirected to its https:// version.

IIS

Lastly, for IIS users the HTTP to HTTPS redirection process is slightly different. You’ll need to install the URL Rewrite Module for IIS. Once done, you can add the following snippet to you web.config file in the root directory.

<configuration>
<system.webServer>
<rewrite> 
<rules> 
  <rule name="https redirect"> 
    <match url="(.*)" ignoreCase="false" /> 
      <conditions> 
         <add input="{HTTPS}" pattern="off" ignoreCase="false" /> 
      </conditions> 
   <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}{REQUEST_URI}" /> 
  </rule>   
</rules>
</rewrite>
</system.webServer>
</configuration>

Once complete, simply save your web.config file and test an http:// link to your website to ensure that it is being redirected to the https:// version.

Learn More About Migrating from HTTP to HTTPS

Apart from simply performing a redirect from HTTP to HTTPS, there are also other modifications that must be done in order to fully migrate your site to HTTPS. For example, you must ensure that any hard-coded links are updated to use HTTPS, your robots.txt file is updated, your Google Search Console sitemap properly reflects the change to HTTPS, etc. Additionally, if you’re using a CDN, all hard-coded CDN links should be updated and HTTP2 should be enabled (given that you are using a CDN which supports HTTP/2).

To ensure you have accounted for all the changes necessary, read through our complete guide How to Migrate from HTTP to HTTPS.