How to force https scheme on a Laravel app

Now a days tools we use to browse the internet require us to follow security standards otherwise they tend to flag our web applications / sites as unsecure.

This can be stressful, I myself have been struggling with this situation for sometime on every Laravel application i have built.Here is an overview on the steps that you can take to make sure your Laravel application is always secure and with https.

STEP 1

First you need to purchase an ssl certificate from your desired hosting provider or certificate authority.

Some Example

https://www.digicert.com

https://hostnasi.com

After you have purchased your desired ssl certificate move to install it to your server and follow the processes below to make sure your Laravel application always points to https.

Force HTTPS with a Middleware

To force redirect a http url to https you can use a middleware to handle the redirect. This is just a simple solution and don’t require a change to the server.

You can make the middleware by running “php artisan make:middleware HttpsMiddleware” and it will generate a file like below (or just copy and paste this file in app/Http/Middleware/HttpsMiddleware.php). This will check if the request is secure, if it is not secure, it will redirect the user to the secure/https URL.

namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\App;

class HttpsMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle($request, Closure $next)
{
if (!$request->secure() && app()->environment('production')) {
return redirect()->secure($request->getRequestUri());
}

return $next($request);
}
}

Then In your Kernel which is found on (app/Http/Kernel.php) you can place the created middleware in the web group, which is applied to every request to your Laravel application.

See below

protected $middlewareGroups = [
'web' => [
\App\Http\Middleware\EncryptCookies::class,

\Illuminate\Routing\Middleware\SubstituteBindings::class,
\App\Http\Middleware\HttpsMiddleware::class
],

'api' => [
'throttle:60,1',
],
];

Force HTTPS with nginx

Change nginx server configuration to the following

server {
listen 80;
listen [::]:80;
server_name yoursite.com www.yoursite.com;
return 301 https://yoursite.com$request_uri;
}

What this does is listening on port 80 (HTTP traffic) and redirect all traffic to example.cm & www.yoursite.com to the new HTTPS-URL, yoursite.com/*.

Based on the $request_uri parameter, nginx will redirect the user to its original URL but then the HTTPS version.

Force HTTPS with .htaccess (Most common )

You can also force https on the.htaccess file it’s possible to redirect all your HTTP requests to HTTPS. It’s just a few lines of code, that will check if the request is not HTTPS, if so, it will be redirected to the HTTPS version of your application.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Before you go… Thanks for reading the article! If you enjoyed it, please don’t forget to show your appreciation by clicking 👏 below!

Any questions or comments hit me up on

Mail: epmnzava@gmail.com

Twitter: https://twitter.com/epmnzava

Github: https://github.com/dbrax

Software Engineer and techprenuer with passion of helping entreprenuers and small businesses using Technology