How to force HTTPS using Plesk 12

If you are using a web application like WordPress it’s recommended to make this change using the web application’s built in function, if available. Click here to learn how to enable HTTPS with WordPress.

Note: It’s strongly recommended to use your web application’s force HTTPS setting as these config values can conflict with the web server’s configuration value, causing infinite redirect loops which are bad for both website uptime and server performance.

The Easy Way: Use Plesk Onyx

Plesk Onyx now comes with an option to force enable HTTPS simply by checking a box. All of our shared servers are now using Onyx, so you can make use of this functionality! Simply log in to Plesk, select “Hosting Settings” under the domain you wish to enable HTTPS, look under the “Security” header and check the box that says: Permanent SEO-safe 301 redirect from HTTP to HTTPS.

Alternative Options

Enable HTTPS with PHP

At the start of your PHP file (more than likely in index.php) enter this:

if($_SERVER["HTTPS"] != "on"){
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
exit();
}

Enable HTTPS with Apache

If you’re not using nginx/php-fpm performance mode, then you can simply use an .htaccess file to force https. Create a file called .htaccess (if it doesn’t already exist) within your web root, then enter the following within it:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Enable HTTPS with Nginx

If you have admin access to your web server (ie: if you have a dedicated server or virtual server) you can make this change using a custom nginx configuration. Here’s how:

  1. Login to Plesk using your root or admin account
  2. Navigate to the domain’s settings and choose the “Apache & nginx Settings” button
  3. Under the “Additional nginx directives” box (only visible when logged in with admin privileges) enter this:

if ($scheme != "https") {
rewrite ^ https://$host$uri permanent;
}

Save your settings and you should find all requests now redirect to https.

Jordan is a computer, security, and network systems expert and a lover of all things web and tech. Jordan consults with project management for software companies. Jordan is a founder and managing partner at Websavers Inc.

Leave a Comment