最近在架服务时，突然蹦出个强制都走 https 的念头，找了一下果然可以用 rewrite rules 来解决 :P

$ sudo a2ensite default-ssl
$ sudo a2enmode rewrite ssl
$ sudo vim default
DocumentRoot /var/www
<Directory />
  Options FollowSymLinks
  AllowOverride None

  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>
<Directory /var/www/>
  Options Indexes FollowSymLinks MultiViews
  AllowOverride None
  Order allow,deny
  allow from all

  RewriteEngine on
  RewriteCond %{SERVER_PORT} !^443$
  RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
</Directory>