Apache 重定向到 HTTPS
Enabling Apache Redirect
There are several methods of enabling an Apache redirect http to https:
- Enable the redirect in the Virtual Host file for the necessary domain.
- Enable it in the .htaccess file (previously created in the web root folder).
- Use the mod_rewrite rule in the Virtual Host file.
- Use it in the .htaccess file to force HTTPS.
Enable Apache Redirect in the Virtual Host
Enabling the redirect in the Virtual Host file is safer and simpler than other options, as the configuration will be similar for all systems. Usually, there are two Virtual Host files on Apache if an SSL certificate is installed: one is for the non-secure port 80, and the other is for the secure port 443. The redirect to HTTPS can be enabled in the virtual host for port 80. If you would like to force HTTPS only for certain webpages, you can use the following set of directives:
<VirtualHost *:80>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
Redirect permanent /secure https://yourdomain.com/secure
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
where /secure is the directory you would like Apache to force https for.
Otherwise, a permanent redirect to HTTPS can be enabled for all the pages of the website:
<VirtualHost *:80>
ServerName www.yourdomain.com
Redirect permanent / https://www.yourdomain.com/
</VirtualHost>
<VirtualHost _default_:443>
ServerName www.yourdomain.com
DocumentRoot /usr/local/apache2/htdocs
SSLEngine On
...
</VirtualHost>
Use .htaccess to Redirect to HTTPS
As an alternative, you can modify the .htaccess file. The following directive can be used in the .htaccess file placed in the document root folder of the website to secure certain pages of the website:
Redirect permanent /secure https://www.yourdomain.com/secure
Use Apache Rewritecond - mod_rewrite Rule
Using the mod_rewrite rule is recommended for experienced users, as the exact configuration can be different on different systems. The syntax of mod_rewrite rules can be complicated - for example, if you would like to redirect to HTTPS certain subfolders that consist of other subfolders. If you are not sure whether mod_rewrite can be used, it is better to enable the redirect to HTTPS in the virtual host file. If you would like to create a redirect for certain pages, the mod_rewrite rule should look like this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?secure/(.*) https://%{SERVER_NAME}/secure/$1 [R,L]
The redirect for all directories is similar and looks like this:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
Note: To set a redirect with a 301 status code (permanent), you will need to assign this code to the R-flag in brackets by adding "=301".
Now your website will be available via HTTPS by default. To check if the redirects work correctly, please clear the cache in the browser you usually use and open your website or try checking it in another browser.
We would like to emphasize that above-mentioned commands are related only to Debian-based Linux derivatives, like Ubuntu. In case of any specific questions as well as other types of the operating system we would highly recommend contacting your server/hosting provider or referring to official server documentation.
原文:https://www.namecheap.com/support/knowledgebase/article.aspx/9821/38/apache-redirect-to-https
作者:sec314
链接:https://www.sec314.cn/archives/97
文章版权归作者所有,转载请注明出处。