Forcing HTTP to redirect to HTTPS

SSL, or Secure Sockets Layer, is the industry-standard technology for establishing an encrypted link between a web server and a browser. This allows information like credit card numbers, login details, and more, to be transmitted securely. SSL is used by millions of websites in the protection of their online transactions with their customers.

All projects published on Surge recieve free, basic SSL support; if your project is http://my-project.surge.sh then https://my-project.surge.sh will also work.

To make the http:// version always re-direct to the https:// version, publish your project to the https:// URL explicitly:

surge --domain https://my-project.surge.sh

This is especially useful as search engines including Google have placed increase emphasis on securing all sites:

we’re starting to use HTTPS as a ranking signal. For now it's only a very lightweight signal… we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

Zineb Ait Bahajji & Gary Illyes, [HTTPS as a ranking signal](http://googleonlinesecurity.blogspot.ca/2014/08/https-as-ranking-signal_6.html)

You can also save this domain to a CNAME file, so you don’t have to type it in each time.

Redirecting your custom domain to HTTPS

You may also redirect http:// to https:// for your custom domain in exactly the same way:

  1. Add a custom domain.

  2. Add a custom SSL certificate. (This feature is part of Surge Plus)

  3. Publish your project to the https:// URL explicitly:

    surge --domain https://example.com