Redirect http to https in Yii2 .htaccess

Question

htaccess file which redirects my advanced Yii2 app to frontend index.php file for that there is already an .htaccess file. which has following lines..

This is Right Now my .HTACCESS at root directory

Options -Indexes

<IfModule mod_rewrite.c> 
 RewriteEngine on

  RewriteCond %{REQUEST_URI} !^public
  RewriteRule ^(.*)$ frontend/web/$1 [L] 
</IfModule>

# Deny accessing below extensions
  <Files ~ "(.json|.lock|.git)">
    Order allow,deny
    Deny from all
  </Files>

# Deny accessing dot files
  RewriteRule (^\.|/\.) - [F]

now i searched internet and i found this if i want to redirect to https then i have to add this.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

so i added like this....

Options -Indexes

<IfModule mod_rewrite.c> 
  RewriteEngine on

  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

  RewriteCond %{REQUEST_URI} !^public
  RewriteRule ^(.*)$ frontend/web/$1 [L] 
</IfModule>

# Deny accessing below extensions
  <Files ~ "(.json|.lock|.git)">
    Order allow,deny
    Deny from all
  </Files>

# Deny accessing dot files
  RewriteRule (^\.|/\.) - [F]

then it loads website withouat any js and css... and also it is in http. But content it requires should be in https.

I do understand it is because of my another rewrite statement. But i am not so expertise in it. Please mae some suggetion.

Here this thing if it is alone it works perfect without any problem.

  RewriteCond %{HTTPS} off
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} 

It will send my http to https. So it works perfact.

Or if this is alone

   RewriteCond %{REQUEST_URI} !^public
   RewriteRule ^(.*)$ frontend/web/$1 [L] 

This rule tells that execute index.php file from the [.htaccess Directory/frontend/web/] directory . Means execute frontend/web/index.php . Here it is very important to do this as this is as per the framework structure.

So i have to combine these two rules together and build a .htaccess which will work for both scenario.

CONCLUSION

So my .HTACESS should tell the server we have to run [.HTACESS DIR/frontend/web/index.php] in https.

UPDATE TO QUESTION

this is the .htaccess under frontend/web/ folder where my index.php is

And this is at root/frontend/web folder where index.php exists.

RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . index.php

Do i have to add https thing here ?

Answer 1

The easiest way might be setting the on beforeRequest event handler in /config/web.php like so:

...
'bootstrap' => ['log'],
'on beforeRequest' => function ($event) {
    if(!Yii::$app->request->isSecureConnection){
        $url = Yii::$app->request->getAbsoluteUrl();
        $url = str_replace('http:', 'https:', $url);
        Yii::$app->getResponse()->redirect($url);
        Yii::$app->end();
    }
},
...