Table of Contents
Applicable to: Cloudways Flexible only.
This article will help you manually redirect your website from HTTP to HTTPS protocol using the Cloudways Platform. When you launch a new application, HTTPS redirection is enabled by default.
Securing a website with an SSL certificate is not enough to protect it, as intruders can still access your website on an unsecured HTTP protocol just by typing HTTP before your website URL. Therefore, you need to force HTTPS redirection using the Cloudways Platform to avoid intruder intervention. This means creating a 301 permanent redirect to redirect users from an unsecured HTTP version of your website to a secured HTTPS version.
Important
If you are using WAF services such as Cloudflare, Sucuri, etc., or if you are implementing Custom HTTPS redirection using an application plugin or by modifying your application's .htaccess file, then you do not need to force HTTPS redirection from Cloudways Platform because your website may run into errors or get stuck in redirection loops because of too many redirects.
If you want to force HTTPS redirection from the Cloudways Platform, first disable any redirection mechanism working elsewhere, and then follow this article for guidance.
What is HTTP?
HTTP stands for Hypertext Transfer Protocol. The underlying application layer protocol is used primarily on the World Wide Web (www). It enables users to communicate and exchange information found on web pages, such as images, videos, text, etc.
Having HTTP in front of a website (e.g., http://www.anotherwebsite.ga) tells the internet browser to communicate over the HTTP protocol. This means data exchanged or transferred over HTTP is not encrypted and is considered unsecured; web browsers warn of an unsecured connection.
For instance, this website is requested over HTTP, and the Google Chrome browser shows a “Not secure” warning.
What is HTTPS?
HTTPS refers to Hypertext Transfer Protocol Secure. It is a more secure version of the HTTP protocol as it involves the use of Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL); thus, the communication and data exchange between a web browser and website is more secure and encrypted.
Having HTTPS in front of a website (e.g., https://www.anotherwebsite.ga) tells the internet browser to communicate over the HTTPS protocol. This means data exchanged or transferred over HTTPS is safe and encrypted; web browsers generate a padlock to show their security.
For instance, this website is requested over HTTPS, and the Google Chrome browser shows a padlock.
Why Migrate to HTTPS?
HTTPS is currently a widely used application layer protocol on the World Wide Web, and there are several reasons to migrate to HTTPS.
Hacking a website running on the HTTP protocol is as easy as installing a browser plugin. If your site is hacked, an intruder can steal your login credentials and sensitive information. The intruder can also inject malicious code and Trojan Horse viruses, destroying your website visitor’s experience and damaging a user's trust in your business.
HTTPS is more secure, and it is highly recommended that you have an SSL certificate and run your websites and eCommerce stores on HTTPS. These websites process sensitive information, so any flaw in this system can cause calamity. Moreover, many browsers generate warnings if the connection between a browser and a website is unsecured, which can lead to users not being confident in doing business on your website.
The ranking boost may sound good for your business when your website is running on HTTPS, as Google prefers secure websites running on HTTPS over unsecured websites running on HTTP.
Google Analytics is one of the world’s great analytics services. Still, it can show wrong referral statistics if any user is coming on your HTTP website from the HTTPS website because that traffic is treated as “Direct Traffic.” However, if someone goes from the HTTPS website to the HTTPS website, only the correct referral statistics can be obtained, and you can easily keep track of referral statistics.
How to Redirect HTTP to HTTPS
Prerequisites
Before applying redirection, you need to make sure that the SSL Certificate is deployed on your website. Click here to learn about an SSL Certificate and the differences between Single, Multiple, and Wildcard SSL.
The following kinds of SSL Certificates can be installed using the Cloudways Platform.
Here are a few steps that can help redirect your website to HTTPS using the Cloudways Platform. Alternatively, you can also watch the video below:
Log in to your Cloudways Platform using your credentials.
From the top menu bar, open Servers.
Next, choose the server where your desired application is deployed.
Classic Interface
New Interface
Click www (if you are using Classic Interface) or the globe icon (if you are using New Interface).
Next, choose your application.
Classic Interface
New Interface
Under Application Management, select Application Settings.
Navigate to the General tab.
Classic Interface
New Interface
Scroll down and enable HTTPS Redirection.
Classic Interface
New Interface
A dialog box will appear asking for confirmation so after reading the disclaimer, click Yes to proceed with implementing the redirection.
Classic Interface
New Interface
That's it! The HTTPS redirection will now be enabled on your application in a few minutes.
How to Verify HTTPS Redirection
Here are a few simple steps to verify the HTTPS redirection on your website. First, clear your browser’s cache and cookies, purge the Varnish cache, and restart the Apache web server via Cloudways Platform.
You can use a third-party tool such as WhyNoPadlock to see if your website is successfully forcing HTTPS redirection.
Additionally, you can check the redirect map using a third-party tool called Redirect Checker. You will see the HTTP status code 301 redirect, which shows your website's redirection from HTTP to HTTPS. An HTTP status code 301 Moved Permanently refers to a 301 permanent redirect.
Now, you can open your website with HTTP, but all your website requests will be served with HTTPS every time. There are some other safety measures that we recommend you should take after installing an SSL certificate besides HTTPS redirection.
That’s it! We hope this tutorial was helpful. If you need any help, then feel free to search your query on Cloudways Support Center or contact us via chat (Need a Hand > Send us a Message). Alternatively, you can also create a support ticket.