Apache config can be used to force all your traffic over https.


Using https should be considered standard practice many years now.  Some registrars allow to define this in their panel, but you could as well do this in your own server config.  Benefits of doing it yourself are finer control and not putting a third party in between, after all, under the hood something very similar will happen anyway.


<VirtualHost *:80>

ServerName ict.mind-heart-soul.org
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
RewriteRule ^/?(.*) https://ict.mind-heart-soul.org/$1 [R=301,L]


This is the only code needed in your port 80 config, the port 443 needs full information (like document root and SSL parameters).  Optionally you could still do access / error logging.

This particular config excludes the “/.well-known/acme-challenge/ to allow LetsEncrypt domain ownership checks.  (Needs escaping, as you can see.)

Most notable, the used RewriteRule will redirect to the exact resource, but then over https.  This means http://example.com/path/page.php?query=resource will be redirected to https://example.com/path/page.php?query=resource upon visit.  A possible alternative is ommitting $1 and then all traffic will be redirected to the siteroot over https, meaning everything would be redicted to https://example.com/ upon visit.

The R=301 marks a permanent redirect, which means a browsers should remember  the information and upon next visit go immediately to the https redirected page, which speeds up user visit (but is not recommended for debugging rules).  The L marks “last rule” meaning it should not parse any further.

NOTE : this code needs to be implemented in EACH virtual host, as it includes the domain of the respective website.