I am using Cloudflare Flexible SSL on a website I programmed myself (no framework or CMS). Everything is working and now I want to use HTTPS on the whole site. I use PHP on Apache web server.

I am wondering how I should approach this and redirect all users to HTTPS.

Currently my .htaccess is set up like this:

# Force www.
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

I have seen this answer on stackoverflow, but it points to another answer which is not as simple and doesn't recommend rewrites.

This is the Apache recommendation:

<VirtualHost *:80>
    ServerName www.example.com
    Redirect "/" "https://www.example.com/"
</VirtualHost >

<VirtualHost *:443>
    ServerName www.example.com
    # ... SSL configuration goes here
</VirtualHost >

But frankly, I have no clue what this means.

How can I redirect users to HTTPS and www? Anything I should be aware of, when switching to HTTPS?

The best way is to use Cloudflare.

On the Cloudflare website:

1. Go to "Page Rules" top button
2. Add new rule: Always use https [ON]

Or you can use in your .htaccess:

RewriteEngine On
# Redirect with www
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC,OR]
# Redirect to https
#    With Cloudflare:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
#    Without Cloudflare:
# RewriteCond %{HTTPS} off 
RewriteRule ^ https://www.example.com%{REQUEST_URI} [NE,R=301,L]

Looks like all of the previous answers are out-of-date.

Here's what worked for me:

RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTP:CF-Visitor} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

I came up with this by going to the support article How do I fix the infinite redirect loop error after enabling Flexible SSL with WordPress?. Then I went to the the linked CloudFlare Flexible SSL. I looked at the source code and I found this:

public function run() {

  $aIcwpHttpsServerOpts = array( 'HTTP_CF_VISITOR', 'HTTP_X_FORWARDED_PROTO' );
  foreach( $aIcwpHttpsServerOpts as $sOption ) {

    if ( isset( $_SERVER[ $sOption ] ) && ( strpos( $_SERVER[ $sOption ], 'https' ) !== false ) ) {
      $_SERVER[ 'HTTPS' ] = 'on';
      break;
    }
  }

  if ( is_admin() ) {
    add_action( 'admin_init', array( $this, 'maintainPluginLoadPosition') );
  }
}

Then I translated that into an .htaccess rule.

Well I Think there is an easy way to do
just open cloud flare dashbaoard
go to crypto section
in SSL section select full scroll down and you will see this section

Always Use HTTPS Redirect all requests with scheme “HTTP” to “HTTPS”. This applies to all HTTP requests to the zone.
turn it to on
all done

Source

Something like this might work:

   RewriteEngine On
   RewriteCond %{HTTPS} off
   RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

You could try putting this in your .htaccess file.

RewriteEngine On
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.example.com$1 [L]    

This will check to see if the visitor is visiting over http. If so it will redirect to the https version of the same page.