In the long journey of security, moving from HTTP to HTTPS is one of the many steps you will need to do. So, the first question is: why you just don't close port 80/TCP? The answer is more an SEO matter than a security one; if you close port 80/tcp when Google and any other indexing engine will try to contact you, it will time out. This, in Google's eyes, means an off-line server; an off-line server is a candidate to be taken out of the indexing.
HTTPS also adds integrity to your website. If someone alters something, your browser will report an error in the connection.
Doing a proper redirection, for example from http://inside-out.xyz/path/script.php?parameters to https://inside-out.xyz/path/script.php?parameters is the correct way. Google will understand the HTTP error code 301 and it will reindex you with the correct URL.
Here is the .htaccess file I use:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^127.0.0
RewriteCond %{REMOTE_HOST} !^127.0.0
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]This will allow HTTP redirection for all queries but those that come to IP 127.0.0.x. You can play with the regular expression to make exceptions.
Remember to modify Apache's configuration in the <Directory> tag to allow all to be overwritten.
Enjoy!
";