realtebo
realtebo

Reputation: 25699

Laravel: how to force HTTPS?

I'm starting to develop a new big app, and I'm using Laravel this time, and it's the first time.

I need to force HTTPS for all pages, it's not important if from code or by .htaccess, but I'm not able to find a simple tutorial.

The official docs dosn't speak about this problem.

For info, my acutal .htaccess is

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

My question is specific to Laravel 5, because I ve no idea on where and how modify this .htaccess file. And also I'am asking you if this is the right way for Laravel or if Laravel has something specific to setup to handle HTTPs.

So please do not close my question and try to be more adherent to the Laravel specific topic.

If you can post a simple way to modify this file AND/OR What to modify in Laravel config to properly handle https.

But in short yes, I want to force every call to transit on HTTPS.

Upvotes: 17

Views: 67699

Answers (14)

A.Amlas
A.Amlas

Reputation: 1

I faced the same issue, "forcing HTTPS for my app" when I deployed to Heroku. Apparently, when I tried to force HTTPS connection using htaccess file it did not work. I forced the connection using

APP_URL = https://example.com/ and ASSET_URL = https://example.com/

This also solved my issue with the CSS and js files "blocked mixed-content"

Upvotes: 0

ExpertWeblancer
ExpertWeblancer

Reputation: 1476

In my experience, I solved this issue to add the code to .htaccess.

RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]

Hopefully, it would be helpful for you. Good luck.

Upvotes: 0

Pushkraj Jori
Pushkraj Jori

Reputation: 369

This .htaccess will remove /public/ from your URL and force https://

Put this .htaccess in your root folder without renaming server.php file to index.php this .htaccess will do everything

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes
    </IfModule>

    RewriteEngine On
    RewriteCond %{HTTPS} !=on    
    RewriteCond %{REQUEST_URI} !^public
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteRule ^(.*)$ public/$1 [L]

    # Handle Authorization Header
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Send Requests To Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L] 

</IfModule>

Upvotes: 0

Dipu Chandra Dey
Dipu Chandra Dey

Reputation: 11

past this code in htaccess file

<IfModule mod_rewrite.c>
    RewriteEngine On        
    RewriteCond %{HTTPS} !=on    
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

Upvotes: 0

kelvin
kelvin

Reputation: 51

This worked for me

<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteRule ^(.*)$ public/$1 [L]
    RewriteCond %{HTTPS} !=on
    RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} !^public [L,R=301]
</IfModule>

Upvotes: 1

Amitesh Bharti
Amitesh Bharti

Reputation: 15785

When you want to Render all URLs with https the simplest method is to use the code below in the boot() function of app/Providers/AppServiceProvider.php:

\URL::forceScheme('https');

Upvotes: 5

Meror
Meror

Reputation: 21

This is my config, with other configs from the topic I had a cyclic redirect.

(also redirects www to without www)

RewriteEngine On



RewriteBase /
#redirect from www to non-www(https)
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

Upvotes: 1

fcva
fcva

Reputation: 449

Change your domain in .htaccess by:

RewriteCond %{HTTP_HOST} mydomain.com [NC]

RewriteRule ^(.*)$ https://mydomain/$1 [R,L]

<IfModule mod_rewrite.c>
  <IfModule mod_negotiation.c>
      Options -MultiViews
  </IfModule>

  RewriteEngine On

  # Added to Force HTTPS
  RewriteCond %{HTTP_HOST} mydomain\.com [NC]
  RewriteCond %{SERVER_PORT} 80
  RewriteRule ^(.*)$ https://mydomain/$1 [R,L]

  # Redirect Trailing Slashes If Not A Folder...
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)/$ /$1 [L,R=301]

  # Handle Front Controller...
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^ index.php [L]

  # Handle Authorization Header
  RewriteCond %{HTTP:Authorization} .
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

Upvotes: 3

Cristovam Ruiz Jr
Cristovam Ruiz Jr

Reputation: 11

This worked for me:

# Check if HTTPS is enabled
#RewriteCond %{HTTPS} ^on$ [NC]
#RewriteCond %{QUERY_STRING} !https-is-on [NC]
#RewriteRule (.*) /?https-is-on [R,L]

# Redirect all HTTP to HTTPS requests
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# Remove index.php from the url
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]

Upvotes: 1

Jeybin George
Jeybin George

Reputation: 458

Try changing the "APP_URL" in the .env file from

APP_URL = http://example.com

to

APP_URL = https://example.com

Upvotes: 0

Manford Benjamin
Manford Benjamin

Reputation: 397

Add this to the boot method in AppServiceProvider

if($this->app->environment('production'))
{
   $this->app['request']->server->set('HTTPS','on');
}

Upvotes: 3

Mortada Jafar
Mortada Jafar

Reputation: 3689

You need adding this to your .htaccess file:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/$1 [R,L]

See this: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

Upvotes: 38

Sandeesh
Sandeesh

Reputation: 11936

You could try searching here first. There's tons of questions for the same issue with answers.

https://stackoverflow.com/a/4399158/5892849

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Upvotes: 3

Bhaumik Pandhi
Bhaumik Pandhi

Reputation: 2683

Try adding this code in your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Upvotes: 26

Related Questions