There was a problem loading the comments.

How to Force HTTPS with a 301 Redirect on Apache, Nginx, and IIS

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

Quick answer: Force HTTPS with a permanent 301 redirect. On Apache use a RewriteRule in .htaccess; on Nginx return 301 in a port-80 server block; on IIS add a URL Rewrite rule. Most control panels offer a one-click force HTTPS toggle, which is simpler and less error-prone.

Installing a certificate does not send visitors to the secure version of your site - you have to add a redirect that forwards every HTTP request to HTTPS. Use a permanent (301) redirect so search engines transfer ranking to the HTTPS URLs. Here is the rule for each common web server.

Apache (.htaccess)

Add this near the top of the site's .htaccess file:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

Nginx

Add a dedicated server block that listens on port 80 and redirects everything to HTTPS:

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}

Reload after testing the config: nginx -t && systemctl reload nginx.

IIS (web.config with URL Rewrite)

With the URL Rewrite module installed, add a rule to the site's web.config:

<rule name="Force HTTPS" stopProcessing="true">
  <match url="(.*)" />
  <conditions>
    <add input="{HTTPS}" pattern="off" />
  </conditions>
  <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
</rule>

The one-click option

Most control panels offer a "force HTTPS" toggle that writes the correct rule for you. On cPanel it is Force HTTPS Redirect; on Plesk it is Permanent SEO-safe 301 redirect from HTTP to HTTPS. Use it if available - it is simpler and less error-prone than editing files.

Test it

Visit http://yourdomain.com and confirm the browser lands on https:// automatically. Check both the bare domain and www. Clear caches so an old non-redirected page is not served.

Frequently asked questions

Why use a 301 rather than 302?
A 301 is permanent, so search engines transfer ranking to the HTTPS URLs.

Is there an easier way than editing config?
Yes - cPanel and Plesk both have a one-click force-HTTPS option.

On a SoftSys managed VPS our team sets the HTTPS redirect for every domain when SSL is installed, so visitors always reach the secure version without you touching a config file.


Share via
Did you find this article useful?  

Related Articles

Tags

© Softsys Hosting