I'm looking for the best way to redirect users from a public website (like example.com) to its secure version (https://www.example.com) when they enter either example.com or www.example.com in their browsers. Should this be handled through DNS redirection or should I configure something specifically on my web server?
3 Answers
Definitely go with server configuration for redirection. DNS itself can’t handle this kind of redirect. If you're using web servers like Apache or NGINX, make sure to set up your redirect correctly. There are plenty of tutorials available that cover this.
The best practice is to set up the redirection on your web server. You can enforce HSTS (HTTP Strict Transport Security) to help browsers remember to always use HTTPS. However, it won't assist the very first visit since it only applies after the initial connection. Check out the HSTS header documentation for more details!
I'd recommend setting up a reverse proxy in front of your actual servers, like NGINX, which can simplify your infrastructure. Using HSTS is also good, but for a solid hard redirect from HTTP to HTTPS, the proxy will help manage this efficiently.
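The setup the answers describe, as an added example that is not part of any answer above: an NGINX configuration that redirects both hostnames to https://www.example.com and sends the HSTS header on HTTPS responses. The certificate paths and document root are placeholders, and the certificate is assumed to cover both example.com and www.example.com.

```nginx
# Plain HTTP: both hostnames get a permanent redirect to the canonical HTTPS host.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # No HSTS header here: browsers ignore it when received over plain HTTP.
    return 301 https://www.example.com$request_uri;
}

# HTTPS on the bare domain: redirect to the www host.
# The TLS handshake happens before the redirect, so the certificate
# must be valid for example.com as well as www.example.com.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    add_header Strict-Transport-Security "max-age=31536000" always;
    return 301 https://www.example.com$request_uri;
}

# Canonical site.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.com.key;   # placeholder path

    # HSTS takes effect only after the browser has seen this header once
    # over HTTPS; the port-80 redirect above covers the first visit.
    # Append "; includeSubDomains" only if every subdomain serves HTTPS.
    # Note: a location block that sets its own add_header does not inherit
    # this one, so repeat it there if needed.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /var/www/example;   # placeholder document root
}
```

Validate with `nginx -t` before reloading, then confirm with `curl -I http://example.com` that the response is a 301 whose `Location` is `https://www.example.com/`.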