How do I force all visitors of my website to use secure connection (HTTPS)?

Created:

2016-12-30 18:47:05 UTC

Modified:

2017-08-08 13:08:51 UTC

6

Was this article helpful?


Have more questions?

Submit a request

How do I force all visitors of my website to use secure connection (HTTPS)?

Applicable to:

  • Plesk for Windows
  • Plesk for Linux

Question

How do I force all visitors of my website to use secure connection (HTTPS)?

Answer

  • For Plesk Onyx:
    • Go to Subscriptions > example.com > Hosting Settings and enable Permanent SEO-safe 301 redirect from HTTP to HTTPS under Security section. More details about this new feature in Plesk Onyx are available in Plesk Administrator's Guide.
      Note: SSL/TLS support must be enabled to unlock HTTP to HTTPS redirect.
  • For Plesk 12.5 and lower:
    • Linux setup with Apache rewrite module:
      1. Make sure that rewrite Apache module is enabled in Tools & Settings > Apache Web Server
        Note: If it is disabled it should be reenabled.
      2. Go to Domains > example.com > Web Server Settings (or Apache & nginx Settings) and put following configuration to Additional directives for HTTP:
        <IfModule mod_rewrite.c>
            RewriteEngine on
            RewriteCond %{HTTPS} !=on
            RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R,QSA]
        </IfModule>
    • Linux setup with nginx rewrite rule:
      • If nginx is enabled add the following rule in Domains > example.com > Apache & nginx Settings > Additional nginx directives:
        if ($ssl_protocol = "") {
            rewrite ^/(.*) https://$server_name/$1 permanent;
        }
  • Windows
    Note: This configuration only works on IIS 7 or newer and requires IIS Rewrite installed on target server
    Note: IIS Rewrite can be downloaded from official IIS website
    • Create file web.config in document root of the domain and put following configuration inside:
      <?xml version="1.0" encoding="UTF-8"?>
        <configuration>
          <system.webServer>
            <rewrite>
              <rules>
                <rule name="http to https" stopProcessing="true">
                <match url="(.*)" />
                <conditions>
                  <add input="{HTTPS}" pattern="^OFF$" />
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Permanent" />
                </rule>
              </rules>
            </rewrite>
          </system.webServer>
        </configuration>

      Note: this configuration could also be created via URL Rewrite GUI following this guide
Have more questions? Submit a request
Please sign in to leave a comment.