How to Force HTTPS on Web Servers
I’ve seen plenty of websites that use https but don’t force it by default, this isn’t considered a good security practice and should be resolved promptly. Below lists five of the most popular web servers (Nginx, Apache, IIS, OpenLitespeed and Lighttpd) configurations to force HTTPS by default. All tests were carried out on a local Debian Stretch server with the exception of IIS. All http:// requests will be (301) Moved Permanently to https:// with respected request path....