You could force a redirect within web2py. I do this with most of my applications:
In a model: if request.controller == 'default' and request.function == 'user': request.requires_https() This will force all user operations (login, profile, reset_password, etc) to use HTTPS. The advantage to doing it through web2py rather than through the web server is that if you get sick of Apache, you don't have to worry about this again with your new web server.
