I am trying to redirect all insecure HTTP requests on my site (e.g. http://www.example.com) to HTTPS (https://www.example.com). How can I do this in the .htaccess file?

I am using PHP.


Current answer

Not only can you do this in your .htaccess file, you should be doing this period. You will also want to follow the steps here to get your site listed on the HSTS preload list after you implement this redirect so that any requests to the insecure http version of your website never make it past the user agent. Instead, the user agent checks the requested URI against a baked in list of https only websites and, if the requested URI is on that list, changes the protocol from http to https before transmitting the request to the server. Therefore, the insecure request never makes it out into the wild and never hits the server. Eventually when the internet changes over to https only the HSTS preload list will not be needed. Until then, every site should be using it.

To perform the redirect, we need to enable the rewrite engine and then redirect all traffic from HTTP port 80 to HTTPS.

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://yourwebsite.tld/$1 [L,R=301]
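An added example, not part of the original answer: a Python check over a recorded redirect chain that verifies the 301 upgrade described above and the Strict-Transport-Security header that HSTS preload submission depends on. The criteria it encodes (upgrade on the same host, max-age of at least one year, includeSubDomains, preload) are the hstspreload.org submission requirements, supplied here rather than taken from the page; the function names and sample chains are constructed.

```python
from urllib.parse import urlsplit

PRELOAD_MIN_AGE = 31536000  # one year; minimum max-age for hstspreload.org submission

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into (max_age, set_of_flags)."""
    max_age, flags = None, set()
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        if name.strip().lower() == "max-age":
            arg = arg.strip().strip('"')
            max_age = int(arg) if arg.isdigit() else None
        else:
            flags.add(name.strip().lower())
    return max_age, flags

def audit_chain(hops):
    """hops: [(url, status, headers), ...] in request order, header names as shown below."""
    findings = []
    url, status, headers = hops[0]
    src, dst = urlsplit(url), urlsplit(headers.get("Location", ""))
    if status != 301:
        findings.append("first hop is not a 301")
    if dst.scheme != "https":
        findings.append("first hop does not go to https")
    elif dst.hostname != src.hostname:
        findings.append("first hop changes host while upgrading")
    if (dst.path or "/", dst.query) != (src.path or "/", src.query):
        findings.append("redirect drops path or query")
    final_url, _, final_headers = hops[-1]
    hsts = final_headers.get("Strict-Transport-Security")
    if urlsplit(final_url).scheme != "https":
        findings.append("chain does not end on https")
    elif hsts is None:
        findings.append("no HSTS header on final response")
    else:
        max_age, flags = parse_hsts(hsts)
        if max_age is None or max_age < PRELOAD_MIN_AGE:
            findings.append("HSTS max-age under one year")
        if not {"includesubdomains", "preload"} <= flags:
            findings.append("HSTS missing includeSubDomains or preload")
    return findings

# Constructed sample chains (not captured from a real site).
GOOD = [("http://example.com/a?b=1", 301, {"Location": "https://example.com/a?b=1"}),
        ("https://example.com/a?b=1", 200,
         {"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload"})]
BAD = [("http://example.com/a", 302, {"Location": "https://www.example.com/"}),
       ("https://www.example.com/", 200, {"Strict-Transport-Security": "max-age=300"})]

if __name__ == "__main__":
    print(audit_chain(GOOD), audit_chain(BAD), sep="\n")
```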

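Other answers

If you cannot access your site's Apache configuration directly, and many hosting platforms are still restricted in this way, then I would actually recommend a two-step approach. The reason is that Apache's own documentation says you should use their configuration options first and foremost, ahead of mod_rewrite, for HTTP to HTTPS.

First, as mentioned above, you would set up your .htaccess mod_rewrite rules: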

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

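Then, in your PHP file(s) (you need to do this wherever it is appropriate for your situation; some sites funnel all requests through a single PHP file, others serve various pages depending on their needs and the request being made):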

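<?php // Stop unless the request arrived over HTTPS (the key is unset on plain HTTP; some servers set it to 'off').
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') { exit(1); } ?>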

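The above needs to run before any code that could potentially expose secure data in an unsecured environment. Thus your site uses automatic redirection via .htaccess and mod_rewrite, while your script(s) ensure that no output is provided when not accessed through HTTPS.

I guess most people don't think like this, and thus Apache recommends that you don't use this method where possible. However, it only takes an additional check on the development end to ensure your users' data is secure. Hopefully this helps someone else who might have to look into using non-recommended methods due to restrictions on our hosting services' end.

I tried every .htaccess configuration I could find on the internet, but none of them worked. Then I realized that Apache discourages using mod_rewrite.

My solution was to edit the Apache configuration files under the following folder: /etc/apache2/sites-enabled

You will have a mandatory file called 000-default.conf and an SSL config file called 000-default-le-ssl.conf (if you installed the SSL certificate from letsencrypt/certbot). However, these files may be named differently, depending on the file names you provided when setting up the site.

In 000-default.conf, I edited the following inside <VirtualHost *:80>: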

<VirtualHost *:80>
    ServerName example.com
    Redirect / https://example.com/
</VirtualHost>

In 000-default-le-ssl.conf, I edited the following inside <VirtualHost *:80>:

<VirtualHost *:80>
    ServerName example.com
    Redirect / https://example.com/
</VirtualHost>

No other redirects are needed.

Save the files, then restart the Apache server with sudo service apache2 restart

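The Apache documentation advises against using a rewrite:

To redirect http URLs to https, do the following:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect / https://www.example.com/
</VirtualHost>

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost>

This snippet should go into the main server configuration file, not into .htaccess as asked in the question.

This article may have come up only after the question was asked and answered, but it seems to be the current way to go.

This will redirect all URLs to https and www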

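RewriteEngine On
# Redirect when the request is not HTTPS or the host is not www.example.com.
# (%{HTTPS_HOST} is not a mod_rewrite variable; it expands to an empty string, so a negated test on it always matches.)
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]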