How to force SSL in Ubuntu 14.04 Apache

 (Photo credit: Wikipedia)

Years ago I wrote about a PHP script you can include in your PHP websites to force SSL. Well, It turns out it's easier, more effective and more secure to make this change using a rewrite rule in your Apache configuration file.

In Ubuntu 14.04, you need to enable the Apache rewrite module by running:

a2enmod rewrite

Next you need to edit your website configuration file located in /etc/apache2/sites-available and add the following under DocumentRoot /var/www/yoursitedirectory:

<Directory /var/www/yoursitedirectory/>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</Directory>

After that, save your configuration file and restart Apache by running:

service apache2 restart

After that, not matter what page visitors land on they will be redirected to httpS!

Related articles

• Ubuntu Security Update on VENOM (CVE-2015-3456)
• Web Served: How to make your site all-HTTPS, all the time, for everyone
• Ubuntu: 2602-1: Firefox vulnerabilities
• Mozilla to whack HTTP sites with feature-ban stick