How to force Laravel Project to use HTTPS for all routes?

php ssl https routes laravel-5.2

231,292

Solution 1

You can set 'url' => 'https://youDomain.com' in config/app.php or you could use a middleware class Laravel 5 - redirect to HTTPS.

Solution 2

Place this in the AppServiceProvider in the boot() method

if($this->app->environment('production')) {
    \URL::forceScheme('https');
}

Solution 3

Here are several ways. Choose most convenient.

Configure your web server to redirect all non-secure requests to https. Example of a nginx config:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

Set your environment variable APP_URL using https:
```
APP_URL=https://example.com
```
Use helper secure_url() (Laravel5.6)
Add following string to AppServiceProvider::boot() method (for version 5.4+):
```
\Illuminate\Support\Facades\URL::forceScheme('https');
```

Update:

Implicitly setting scheme for route group (Laravel5.6):

Route::group(['scheme' => 'https'], function () {
    // Route::get(...)->name(...);
});

Solution 4

I used this at the end of the web.php or api.php file and it worked perfectly:

URL::forceScheme('https');

Solution 5

Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

View more solutions

231,292

Nelson Melecio

A Senior Full Stack Developer with a demonstrated history of working in the information technology and services industry. Skilled in PHP, Restful API, WordPress, Laravel, NodeJs, CodeIgniter, Symphony, ASP Core/.Net, C#, MVVC/MVC, Xamarin, VueJs, AngularJs, ReactNative and ReactJs. Strong engineering professional with a Bachelor of Science (BS) focused in Computer Engineering from University of Mindanao.

Updated on July 08, 2022

Comments

Nelson Melecio almost 2 years
I am working on a project that requires a secure connection.

I can set the route, uri, asset to use 'https' via:
```
Route::get('order/details/{id}', ['uses' => 'OrderController@details', 'as' => 'order.details', 'https']);

url($language.'/index', [], true)

asset('css/bootstrap.min.css', true)
```
But setting the parameters all the time seems tiring.

Is there a way to force all routes to generate HTTPS links?
KalC almost 7 years

Middleware is the way to go. Setting the 'url' property didn't work for me (L 5.1).
IceFire over 6 years

this is still not satisfying. It only means that routes that lead to http will be forwarded to https routes but forwarding is detrimental to SEO rankings
jave.web almost 5 years

In my Laravel 5.7.26 5. somehow disabled the website, however 4. worked as charm :)
CodeConnoisseur almost 5 years

I have a hostgator account hosting my laravel app. If I put this in Routes/web.php, it doesn't re route my site to https and the ssl cert is on.
CodeConnoisseur almost 5 years

I am hosting my site on HostGator and I went into the cPanel tools and modified my Laravel 5.7 code and performed number 4 and when I go to my site by just typing mysite.tech, I still get sent to the not secure verion of my site. If I implicitely type mysite.tech then it works. Any idea why 4 did not work?
lomelisan almost 5 years

Have you checked for a .htaccess file? You could force https redirection there too.
CodeConnoisseur almost 5 years

I have two htaccess files, one in my main app directory and the other in my public DIR. I added the code in the post below yours into my main app .htaccess file. Should I also add it in my public .htaccess?
lomelisan almost 5 years

Yeah, I think that's the one is working. Cause that's the place of the index.php file. How does your url index page end? Anyway if that doesn't work for you, HostGator has an impressive support, you could comment their answer as well.
CodeConnoisseur almost 5 years

So that WORKED :D, the only thing now though is that when the site reidrects it adds "/public/" to the end of the url. Do you know how I can trim that off?
Amin Bakhtiari Far over 4 years

This works! but adds index.php after domain name.
Rastalamm over 4 years

Please provide some explanation as to what is going on here.
Nirav Bhoi over 4 years

I am getting index.php after domain name too other way?
Miloslav Milo Janoušek over 4 years

It is better to make condition based on environment (in this case non-local), not debug settings.
Andres Ramos about 4 years

Any solution to avoid adding index.php at the end? it is breaking my routes
cmac about 4 years

This should be set by APP_URL variable in .env
Erlang Parasu almost 4 years

need to call exit; after call header
Jeff Puckett almost 4 years

this worked for me inside the RouteServiceProvider, but not AppServiceProvider for some reason 🤔
Rutvi Trivedi almost 4 years

I have APIs in my project will this run APIs as it is?
saber tabatabaee yazdi over 3 years

for laravel it should in public folder ... this is worked for me and other solution here didnt work on my cpanel server
Nhan over 3 years

Did you still have to configure in .htaccess or this alone was enough?
Husam about 3 years

THANKS! This is the only solution worked for me, I faced this issue only on AWS Elastic Beanstalk with load balancer. I think Laravel could not generate https toutes because the connection between the load balancer and the ec2 (ubunto server) is an http.
Clean Code Studio about 3 years

@Nhan did not have to configure .htaccess at the time, that may have been because it was already configured properly.
Clean Code Studio about 3 years

@Husam Interesting, I was working on an AWS project at the time of this post as well! That being said - if I'm remembering properly - I used this https setup in local development. I'm not sure if the other implementations didn't work because we had some AWS things happening locally or if it's just an interesting coincidence. Either way, thanks for pointing out the AWS detail!
vfsoraki over 2 years

For some unknown reason, this is the only thing that worked for me. HTTPS "on" was the only thing I needed to add, although nginx includes a line like fastcgi_param HTTPS $https if_not_empty but it did not work as expected, so I had to manually add this and force backend to use HTTPS;
Sayd Fuad over 2 years

Anyone reading this, just replace 'RewriteEngine On' with the above code in your.htaccess file
Ishaan over 2 years

This is a good option, instead of updating any server file.
Tarik Manoar over 2 years

Thanks it worked laravel 7 and 8 perfectly thanks again
bcag2 about 2 years

it is not enough in my case (apache proxy -> php/nginx container with laravel 8.x), I have Letsencrypt certificate and virtualhost are ok, I should configure app/Http/Middleware/TrustProxies.php to add local IP proxy and it should be present in protected $middleware in app/Http/kernel.php
Jacey about 2 years

When I used this my email verifications no longer worked. When clicking the verification link, users would get a 403: Invalid Signature
Disapamok almost 2 years

This worked for me too. the correct .env config for this is: APP_ENV=production
Rbbn almost 2 years

This worked this night!