===== Use rewrite rule to redirect http to https connection =====

For first entry server accepting connection from unsafe WAN:

  rewriteCond %{HTTPS} !on
  rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

If used on another server behind internal load balancers, ssl off-loaders:

  rewriteCond %{HTTPS} !on
  rewriteCond %{HTTP:X-Forwarded-Proto} !https
  rewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

The difference in the two rules are the check for X-Forwarded-Proto header which can be spoofed and thus not a good check to use at the first point of contact from WAN.