What is HTTP/ HTTPS and difference between them?
HTTP
HTTPS
- HTTP stands for Hyper Text Transfer Protocol.
- HTTP is an application layer network protocol which is built on top of TCP.
- It works on port 80.
- Encryption is not enabled. HTTP remains focused on presenting the information, but cares less about the way this information travels from one place to another. Unfortunately, this means that HTTP can be intercepted and potentially altered, making both the information and the information receiver (that’s you) vulnerable.
- HTTPS stand for Hyper Text Transfer Protocol Secure.
- HTTPS work on Transport Layer Security (TLS), it was also known as Secure Sockets Layer (SSL).
- It works on port 443.
- HTTPS also allows you to create a secure encrypted connection between the server and the browser.
Note: Without HTTPS, any data you enter into the site (such as your username/password, credit card or bank details, any other form submission data, etc.) will be sent plain text and therefore susceptible to interception or eavesdropping.
Apache - Redirect HTTP to HTTPS
The Below mentioned steps describe the configuration of Apache to have the website loaded completely over HTTPS. Please read our background infomation on Securing your complete website with SSL
Then you have to enable mod_rewrite package on the server and restart apache. Use below commands to enable the package and restart apache.
Debian/Ubuntu
sudo a2enmod rewrite && sudo service apache2 restart
RedHat/Centos
This module can be activated by adding the following line to your httpd.conf, if not there already:
LoadModule rewrite_module modules/mod_rewrite.so
After enabling the mod_rewrite module you should enable the possibility for an .htaccess file to overwrite you server configuration.
This can be done by adding the line AllowOverride All to your virtualhost file.
Just add this into apache site config and change the domain.
ServName cyberbuddy.in
ServerAlias www.cyberbuddy.in
Redirect / https://www.cyberbuddy.in/
Below point is optional, if you want to implemenet redirection in your .htaccess file
Just Add below lines in .htaccess
RewriteEngine on
RewriteCond %{HTTPS} off # meaning not being connected via https
RewriteRule ^(.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301]# redirect to https
Nginx - Redirect HTTP to HTTPS
Just add this into nginx site config and change the domain.
Also, Please read our background infomation on Securing your complete website with SSL.
server {
listen 80;
server_name cyberbuddy.in www.cyberbuddy.in;
location / {
rewrite ^(.*) https://www.cyberbuddy.in$request_uri;
}
}
server {
listen {IP}:443 ssl;
server_name cyberbuddy.in www.cyberbuddy.in;
ssl_certificate /etc/ssl/certs/cyberbuddy.in/cyberbuddy_in.crt;
ssl_certificate_key /etc/ssl/certs/cyberbuddy.in/cyberbuddy_in.key;
root “/var/www/cyberbuddy.in”;
error_log “/var/log/nginx/error.cyberbuddy.in.log”;
location / {
try_files $uri $uri/ index.html;
}
}
Yash
Thanks a lot, it’s very helpful
Rajat Malik
Appreciate mate!
Let me know about more topics which you are facing issues, I will try to post the best solution. 🙂
saurabh batham
Awesome buddy ……..It is really helpful.
praveen kumar sharma
it really helping me.
the implementation of SSL.
Josef
It’s very easy to find out any matter on net as compared to textbooks, as I found this paragraph at this
web site.