I am working on a project that requires a secure connection.
I can set the route, uri, asset to use 'https' via:
Route::get('order/details/{id}', ['uses' => 'OrderController@details', 'as' => 'order.details', 'https']); url($language.'/index', [], true) asset('css/bootstrap.min.css', true) But setting the parameters all the time seems tiring.
Is there a way to force all routes to generate HTTPS links?
Place this in the AppServiceProvider in the boot() method
if($this->app->environment('production')) { \URL::forceScheme('https'); } 
Here are several ways. Choose most convenient.
Configure your web server to redirect all non-secure requests to https. Example of a nginx config:
server { listen 80 default_server; listen [::]:80 default_server; server_name example.com www.example.com; return 301 https://example.com$request_uri; } Set your environment variable APP_URL using https:
APP_URL=https://example.com Use helper secure_url() (Laravel5.6)
Add following string to AppServiceProvider::boot() method (for version 5.4+):
\Illuminate\Support\Facades\URL::forceScheme('https'); Update:
Implicitly setting scheme for route group (Laravel5.6):
Route::group(['scheme' => 'https'], function () { // Route::get(...)->name(...); }); 
5. somehow disabled the website, however 4. worked as charm :)
4. Resolved the issue for meI used this at the end of the web.php or api.php file and it worked perfectly:
URL::forceScheme('https'); 
You can set 'url' => 'https://youDomain.com' in config/app.php or you could use a middleware class Laravel 5 - redirect to HTTPS.
http will be forwarded to https routes but forwarding is detrimental to SEO rankings
Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 
"2020 Update? Url::forceScheme was acting funky for me, but this worked liked a dime."
https code snippet.
resolve(\Illuminate\Routing\UrlGenerator::class)->forceScheme('https');
app/providers/RouteServiceProvider.php. /** * Define your route model bindings, pattern filters, etc. * * @return void */ public function boot() { resolve(\Illuminate\Routing\UrlGenerator::class)->forceScheme('https'); parent::boot(); } php artisan route:clear && composer dumpautoload to clear Laravel's cached routes and cached Service Providers.
.htaccess or this alone was enough?
Add this to your .htaccess code
RewriteEngine On RewriteCond %{SERVER_PORT} 80 RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L] Replace www.yourdomain.com with your domain name. This will force all the urls of your domain to use https. Make sure you have https certificate installed and configured on your domain. If you do not see https in green as secure, press f12 on chrome and fix all the mixed errors in the console tab.
Hope this helps!
index.php after domain name.
Add this before the class name of this file app\Providers\AppServiceProvider.php
use Illuminate\Support\Facades\URL; Then paste this code inside the boot function of app\Providers\AppServiceProvider.php file
if (config('app.env') === 'production') { URL::forceScheme('https'); } 
I would prefer forceScheme instead of doing it on a web server. So Laravel app should be responsible for it.
So right way is to add if statement inside boot function in your app/Providers/AppServiceProvider.php
if (env('APP_ENV') === 'production') { \Illuminate\Support\Facades\URL::forceScheme('https'); } Tip: to prove that you have APP_ENV configured correctly. Go to your Linux server, type env
This was tested on Laravel 5, specifically 5.6.
APP_ENV=productionFor laravel 8, if you tried all of the above methods but got browser redirected you too many times error, please set proxies in TrustProxies middleware like the following:
App\Http\Middleware\TrustProxies.php
/** * The trusted proxies for this application. * * @var array|string|null */ protected $proxies = '*'; 
public function boot() { if(config('app.debug')!=true) { \URL::forceScheme('https'); } } in app/Providers/AppServiceProvider.php
Here's another option, this works on laravel 8.*. I'm not sure of lower versions though:
Add the ASSET_URL variable to your .env file.
For example:
ASSET_URL=https://secure-domain.com You can find more info here: Laravel Helpers
Hint: pay attention to the comments in the link above.
I figured out how to do this in a load-balanced infrastructure.
You need to add in you Nginx config:
location ~ \.php$ { include snippets/fastcgi-php.conf; # # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; add_header X-Forwarded-Proto https; add_header X-Forwarded-Port 443; add_header Ssl-Offloaded "1"; add_header Access-Control-Allow-Origin "*"; fastcgi_param HTTPS "on"; fastcgi_param HTTP_X_FORWARDED_PROTO "https"; } The importer pieces are the add_headers and pastcgi_params, it works like a charm through an AWS load balancer.
HTTPS "on" was the only thing I needed to add, although nginx includes a line like fastcgi_param HTTPS $https if_not_empty but it did not work as expected, so I had to manually add this and force backend to use HTTPS;
HTTPS on turned out to be the only thing I needed. Instead of enforcing Laravel, this one is good and could perform better.In your .env file, just use
FORCE_HTTPS=true This worked for me and you can also together set APP Url to https://your-site.com as an additional step
The better way to solute this issue is : -> go to public folder, ->edit .htaccess just add this code below :
RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] -> and save. -> close and re-open browser.
try this - it will work in RouteServiceProvider file
$url = \Request::url(); $check = strstr($url,"http://"); if($check) { $newUrl = str_replace("http","https",$url); header("Location:".$newUrl); } 
I tried many option. and find that to use it in AppServiceProvider.php is the best option.
you can set condition for different environment , like 'production','stage','local'. here is how i use in my every laravel project for security purpose.
so in local environment it works with "HTTP". and in other environment it only allows URL to have "HTTPS".
public function boot() { // if application is in production then, it only allows request url's having "HTTPS" if ($this->app->environment('production')) { URL::forceScheme('https'); } else { URL::forceScheme('http'); } } in .env config add line
ASSET_URL=https://yourdomain.com
What about just using .htaccess file to achieve https redirect? This should be placed in project root (not in public folder). Your server needs to be configured to point at project root directory.
<IfModule mod_rewrite.c> RewriteEngine On # Force SSL RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] # Remove public folder form URL RewriteRule ^(.*)$ public/$1 [L] </IfModule> 
I'm using Apache server, the most efficient I think just change the virtual host configuration. Change it like this
<VirtualHost *:80> ServerName www.yourdomain.com Redirect / https://www.yourdomain.com </VirtualHost> <VirtualHost _default_:443> ServerName www.yourdomain.com DocumentRoot /usr/local/apache2/htdocs SSLEngine On # etc... </VirtualHost> 
app/Http/Middleware/TrustProxies.php to add local IP proxy and it should be present in protected $middleware in app/Http/kernel.phpUse the function secure_url() from laravel 5.2
$url = secure_url('user/profile'); {{ secure_url('your-link') }} //instead url() reference laravel secure_url() function
No need for long process: simply go to your config/admin.php and set this to yes. If it's not there, add it.
/* |-------------------------------------------------------------------------- | Access via `https` |-------------------------------------------------------------------------- | | If your page is going to be accessed via https, set it to `true`. | */ 'https' => env('ADMIN_HTTPS', true), 
ADMIN_HTTPS environment variable?