How to auto redirect to HTTPS links

Published in: Apache2, SSL



I have recently been on a binge converting all my sites to HTTPS, including this one. It was long overdue. Thanks to the guys at “Let’s Encrypt” and their automated script called certbot, the whole process is insanely easy to set up. It literally took me less than 3 minutes each on all the sites I have enabled HTTPS for. I highly recommend that you do the same; whether you end up going for a commercial solution or use the free solution provided by Let’s Encrypt, you can’t go wrong with this decision.

HTTPS has a lot of benefits. More specifically, because the traffic is encrypted, your browsing habits are not logged (in some countries ISPs have to keep logs of their user data by law): for instance, your ISP will be able to see that you went to the slashgeek website, but they won’t know specifically what URLs or links within the site you visited. On the search engine and browser side of things, search engines give more prominence to sites that have HTTPS enabled, resulting in more traffic to your site (at least in theory). Browsers are increasingly hostile towards non-HTTPS sites, showing warnings for them. I don’t think it is far-fetched to think that in the not-too-distant future HTTPS will be mandatory for all sites in order for browsers to allow you to visit links.

Certbot does a great job of mostly automating the HTTPS process, but it doesn’t auto-redirect users to the HTTPS site by default. This creates a potential conflict where you now have both HTTP and HTTPS links, which might have SEO implications, not to mention that the insecure HTTP links are still there.

The solution is pretty easy. For NGINX you will need to add this piece of code at the end of the config, usually located at /etc/nginx/sites-enabled/:

# Redirect non-https traffic to https
if ($scheme != "https") {
    return 301 https://www.example.net$request_uri;
}
# Replace example with your domain name, i.e. slashgeek

For the Apache web server, the config file is usually located at /etc/apache2/sites-enabled/:

# Redirect non-https traffic to https
RewriteEngine on
RewriteCond %{SERVER_NAME} =slashgeek.net
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
# Replace slashgeek.net with your domain name

The HTTP response status code 301 Moved Permanently is used for permanent URL redirection, meaning that current links or records using the URL the response was received for should be updated. This is better for SEO than using some WordPress plugin or disabling port 80, which might have negative SEO implications.
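To confirm that either config above really answers plain-HTTP requests with a 301 to the HTTPS URL, the following added example (not from the original post) checks a response's status and Location header. The names check_redirect and fetch and the example.net URLs are assumptions of the example; expected_host covers the NGINX case where the redirect points at the www host.

```python
import http.client
from urllib.parse import urlsplit


def check_redirect(requested_url, status, location, expected_host=None):
    """Return a list of problems with an HTTP->HTTPS redirect (empty list = OK)."""
    req = urlsplit(requested_url)
    problems = []
    if status != 301:
        problems.append(f"status is {status}, expected 301 Moved Permanently")
    if not location:
        return problems + ["no Location header"]
    loc = urlsplit(location)
    if loc.scheme != "https":
        problems.append(f"Location scheme is '{loc.scheme}', expected 'https'")
    # The NGINX snippet redirects to a fixed host, so allow an explicit target.
    host = expected_host or req.hostname
    if loc.hostname != host:
        problems.append(f"Location host is '{loc.hostname}', expected '{host}'")
    # $request_uri / %{REQUEST_URI} should carry path and query over unchanged.
    if (loc.path or "/", loc.query) != (req.path or "/", req.query):
        problems.append("path or query string changed by the redirect")
    return problems


def fetch(url, timeout=5):
    """Send one HEAD request over plain HTTP without following the redirect."""
    u = urlsplit(url)
    conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        target = (u.path or "/") + (f"?{u.query}" if u.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    import sys
    # Usage: python check_redirect.py http://example.net/some/page?x=1
    for url in sys.argv[1:]:
        found = check_redirect(url, *fetch(url))
        print(url, "OK" if not found else "; ".join(found))
```

Run it against a deep link with a query string, not just the home page, so a redirect that drops the path shows up.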

So what are you waiting for? You should definitely move to https as soon as possible.



