Redirect HTTP to HTTPS on Apache 2.4

The last few day’s I’ve been toying with Nagios, setting up a monitoring system. An Apache redirect to HTTPS was one of the tasks I wanted to accomplish. This would redirect the Nagios vhost from HTTP to HTTPS using an Apache 2.4.6 VirtualHost, and no resource expensive rewrite would be necessary.

HTTP to HTTPS redirect in Apache – using VirtualHosts

An easy HTTP to HTTPS redirect in Apache is often better accomplished in the Apache configuration, if you have access to the configuration files, rather than by using a .htaccess file. A rewrite is often a relatively resource expensive operation.

Apache’s mod_alias provides the Redirect and RedirectMatch directives, which provide a means to redirect one URL to another. This kind of simple redirection of one URL, or a class of URLs, to somewhere else, should be accomplished using these directives rather than a mod_rewrite RewriteRule. The Redirect directives are used to instruct clients to make a new request with a different URL. They are often used when a resource has moved to a new location (source).

Looking to move WordPress to HTTPS? See this guide!

Create Apache VirtualHost directives for HTTP and HTTPS #

The first step in redirecting HTTP traffic to HTTPS in Apache is to create two VirtualHost directives for your website. One for HTTP (*:80) and one for HTTPS (*:443).

I thought you might find this interesting:   Convert decimal to hex in Bash?

The next step is to use the Redirect directive to redirect one VirtualHost to another.

See the following, complete, VirtualHost configuration to redirect Nagios from HTTP to HTTPS on Apache:

<VirtualHost *:443>
  # The ServerName directive sets the request scheme, hostname and port that
  # the server uses to identify itself. This is used when creating
  # redirection URLs. In the context of virtual hosts, the ServerName
  # specifies what hostname must appear in the request's Host: header to
  # match this virtual host. For the default virtual host (this file) this
  # value is not decisive as it is used as a last resort host regardless.
  # However, you must set it for any further virtual host explicitly.

  DocumentRoot /data/

  # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
  # error, crit, alert, emerg.
  # It is also possible to configure the loglevel for particular
  # modules, e.g.
  # LogLevel info ssl:warn

  # For most configuration files from conf-available/, which are
  # enabled or disabled at a global level, it is possible to
  # include a line for only one particular virtual host. For example the
  # following line enables the CGI configuration for this host only
  # after it has been globally disabled with "a2disconf".
  # Include conf-available/serve-cgi-bin.conf

  ScriptAlias /cgi-bin/ "/data/"
  AddHandler php5-script .php
  AddHandler cgi-script .pl .cgi
  DirectoryIndex index.php
  AddType text/html .php
  <Directory "/data/">
       Options None
       AllowOverride None

  <Directory "/data/">
       AllowOverride None
       Options ExecCGI

  ErrorLog /data/log/
  CustomLog /data/log/ combined

  SSLEngine On
  SSLCertificateFile /data/
  SSLCertificateKeyFile /data/
<VirtualHost *:80>
  DocumentRoot /data/
  ErrorLog /data/log/
  CustomLog /data/log/ combined

  Redirect /

Apache’s mod_alias provides the Redirect and RedirectMatch directives, which provide a means to redirect one URL to another. Use this to set up an apache 2.4 redirect from HTTP to HTTPS.

The Redirect / line is what redirects HTTP traffic to HTTPS, e.g from to The rest of the VirtualHost configuration is pretty much self explanatory.

I thought you might find this interesting:   Turn off swap

Pro Tip: For Windows Server IIS you can use IIS’ httpRedirect HTTP to HTTPS

Apache 2.4.6 Require all granted #

One issue you might find upgrading Apache to version 2.4.6 is you have to use Require all granted instead of Order allow,deny and Allow from all when using Access Control:

# 2.2 configuration:
Order allow,deny
Allow from all
# 2.4 configuration:
Require all granted

Please share this post if you found it useful, thank you! If you have a valuable tip, please let me know and drop me a comment.

Please Support

Each post on Sysadmins of the North takes a significant amount of time to research, write, and edit. Therefore, your donation helps a lot! For example, a donation of $3 U.S. buys me a cup of coffee, and as you know: things jsut work better with coffee. A $10 U.S. donation buys me one month of web hosting (yes, hosting costs money). But seriously, thank you for any amount. Much appreciated!

Please donate to support this site if you found a post interesting or if it helped you solve a problem. Thanks! (Tip: no Paypal account required)

If you appreciated this post, then please donate using this Paypal button

Jan Reilink

My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.

Leave a Reply

2 Comments on "Redirect HTTP to HTTPS on Apache 2.4"

Hi! Join the discussion, leave a reply!

Sort by:   newest | oldest | most voted

I’ve done a redirect from http to https in an application thanks to this article. Only instead of Nagios it was dealing with Koha. But I ended up with 403 error problem and I’ve made several changes already but I get always the same result. Do you think you could help? Koha community won’t do it because this isn’t exactly a Koha issue but an Apache thing instead.

Diva Almeida

I’m sorry, in my last comment message I hit enter key while I was filling the form and it was sent right away.