I have just had all the script variations tested by Pui Cdm, included answers above and many others using php, htaccess, server configuration, and Javascript, the results are that the script
<script type="text/javascript">
function showProtocall() {
if (window.location.protocol != "https") {
window.location = "https://" + window.location.href.substring(window.location.protocol.length, window.location.href.length);
window.location.reload();
}
}
showProtocall();
</script>
provided by vivek-srivastava works best and you can add further security in java script.