2by 2by - 1 year ago 159
Apache Configuration Question

How do I force HTTPS (Cloudflare Flexible SSL)?

I am using Cloudflare Flexible SSL on a website I programmed myself (no framework or CMS). Everything is working and now I want to use HTTPS on the whole site. I use PHP on Apache web server.

I am wondering how I should approach this and redirect all users to HTTPS.

Currently my .htaccess is set up like this:

# Force www.
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

I have seen this answer on stackoverflow, but it points to another answer which is not as simple and doesn't recommend rewrites.

This is the Apache recommendation:

<VirtualHost *:80>
ServerName www.example.com
Redirect "/" "https://www.example.com/"
</VirtualHost >

<VirtualHost *:443>
ServerName www.example.com
# ... SSL configuration goes here
</VirtualHost >

But frankly, I have no clue what this means.

How can I redirect users to HTTPS and www? Anything I should be aware of, when switching to HTTPS?

Answer Source

The best way is to use Cloudflare.

On the Cloudflare website:

  1. Go to "Page Rules" top button
  2. Add new rule: Always use https [ON]

Or you can use in your .htaccess:

RewriteEngine On
# Redirect with www
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC,OR]
# Redirect to https
#    With Cloudflare:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
#    Without Cloudflare:
# RewriteCond %{HTTPS} off 
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,R=301,L]