view raw
2by 2by - 9 months ago 91
Apache Configuration Question

How do I force HTTPS (Cloudflare Flexible SSL)?

I am using Cloudflare Flexible SSL on a website I programmed myself (no framework or CMS). Everything is working and now I want to use HTTPS on the whole site. I use PHP on Apache web server.

I am wondering how I should approach this and redirect all users to HTTPS.

Currently my .htaccess is set up like this:

# Force www.
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$$1 [R=301,L]

I have seen this answer on stackoverflow, but it points to another answer which is not as simple and doesn't recommend rewrites.

This is the Apache recommendation:

<VirtualHost *:80>
Redirect "/" ""
</VirtualHost >

<VirtualHost *:443>
# ... SSL configuration goes here
</VirtualHost >

But frankly, I have no clue what this means.

How can I redirect users to HTTPS and www? Anything I should be aware of, when switching to HTTPS?


The best way is to use Cloudflare.

On the Cloudflare website:

  1. Go to "Page Rules" top button
  2. Add new rule: Always use https [ON]

Or you can use in your .htaccess:

RewriteEngine On
# Redirect with www
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC,OR]
# Redirect to https
#    With Cloudflare:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
#    Without Cloudflare:
# RewriteCond %{HTTPS} off 
RewriteRule ^{REQUEST_URI} [NE,R=301,L]