How to force Laravel Project to use HTTPS for all routes?
Solution 1
You can set 'url' => 'https://youDomain.com'
in config/app.php
or you could use a middleware class Laravel 5 - redirect to HTTPS.
Solution 2
Place this in the AppServiceProvider in the boot() method
if($this->app->environment('production')) {
\URL::forceScheme('https');
}
Solution 3
Here are several ways. Choose most convenient.
-
Configure your web server to redirect all non-secure requests to https. Example of a nginx config:
server { listen 80 default_server; listen [::]:80 default_server; server_name example.com www.example.com; return 301 https://example.com$request_uri; }
-
Set your environment variable
APP_URL
using https:APP_URL=https://example.com
Use helper secure_url() (Laravel5.6)
-
Add following string to AppServiceProvider::boot() method (for version 5.4+):
\Illuminate\Support\Facades\URL::forceScheme('https');
Update:
-
Implicitly setting scheme for route group (Laravel5.6):
Route::group(['scheme' => 'https'], function () { // Route::get(...)->name(...); });
Solution 4
I used this at the end of the web.php
or api.php
file and it worked perfectly:
URL::forceScheme('https');
Solution 5
Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Related videos on Youtube
Nelson Melecio
A Senior Full Stack Developer with a demonstrated history of working in the information technology and services industry. Skilled in PHP, Restful API, WordPress, Laravel, NodeJs, CodeIgniter, Symphony, ASP Core/.Net, C#, MVVC/MVC, Xamarin, VueJs, AngularJs, ReactNative and ReactJs. Strong engineering professional with a Bachelor of Science (BS) focused in Computer Engineering from University of Mindanao.
Updated on July 08, 2022Comments
-
Nelson Melecio almost 2 years
I am working on a project that requires a secure connection.
I can set the route, uri, asset to use 'https' via:
Route::get('order/details/{id}', ['uses' => 'OrderController@details', 'as' => 'order.details', 'https']); url($language.'/index', [], true) asset('css/bootstrap.min.css', true)
But setting the parameters all the time seems tiring.
Is there a way to force all routes to generate HTTPS links?
-
KalC almost 7 yearsMiddleware is the way to go. Setting the 'url' property didn't work for me (L 5.1).
-
IceFire over 6 yearsthis is still not satisfying. It only means that routes that lead to
http
will be forwarded tohttps
routes but forwarding is detrimental to SEO rankings -
jave.web almost 5 yearsIn my Laravel 5.7.26
5.
somehow disabled the website, however4.
worked as charm :) -
CodeConnoisseur almost 5 yearsI have a hostgator account hosting my laravel app. If I put this in Routes/web.php, it doesn't re route my site to https and the ssl cert is on.
-
CodeConnoisseur almost 5 yearsI am hosting my site on HostGator and I went into the cPanel tools and modified my Laravel 5.7 code and performed number 4 and when I go to my site by just typing mysite.tech, I still get sent to the not secure verion of my site. If I implicitely type mysite.tech then it works. Any idea why 4 did not work?
-
lomelisan almost 5 yearsHave you checked for a .htaccess file? You could force https redirection there too.
-
CodeConnoisseur almost 5 yearsI have two htaccess files, one in my main app directory and the other in my public DIR. I added the code in the post below yours into my main app .htaccess file. Should I also add it in my public .htaccess?
-
lomelisan almost 5 yearsYeah, I think that's the one is working. Cause that's the place of the index.php file. How does your url index page end? Anyway if that doesn't work for you, HostGator has an impressive support, you could comment their answer as well.
-
CodeConnoisseur almost 5 yearsSo that WORKED :D, the only thing now though is that when the site reidrects it adds "/public/" to the end of the url. Do you know how I can trim that off?
-
Amin Bakhtiari Far over 4 yearsThis works! but adds
index.php
after domain name. -
Rastalamm over 4 yearsPlease provide some explanation as to what is going on here.
-
Nirav Bhoi over 4 yearsI am getting index.php after domain name too other way?
-
Miloslav Milo Janoušek over 4 yearsIt is better to make condition based on environment (in this case non-local), not debug settings.
-
Andres Ramos about 4 yearsAny solution to avoid adding index.php at the end? it is breaking my routes
-
cmac about 4 yearsThis should be set by APP_URL variable in .env
-
Erlang Parasu almost 4 yearsneed to call exit; after call header
-
Jeff Puckett almost 4 yearsthis worked for me inside the RouteServiceProvider, but not AppServiceProvider for some reason 🤔
-
Rutvi Trivedi almost 4 yearsI have APIs in my project will this run APIs as it is?
-
saber tabatabaee yazdi over 3 yearsfor laravel it should in public folder ... this is worked for me and other solution here didnt work on my cpanel server
-
Nhan over 3 yearsDid you still have to configure in
.htaccess
or this alone was enough? -
Husam about 3 yearsTHANKS! This is the only solution worked for me, I faced this issue only on AWS Elastic Beanstalk with load balancer. I think Laravel could not generate https toutes because the connection between the load balancer and the ec2 (ubunto server) is an http.
-
Clean Code Studio about 3 years@Nhan did not have to configure .htaccess at the time, that may have been because it was already configured properly.
-
Clean Code Studio about 3 years@Husam Interesting, I was working on an AWS project at the time of this post as well! That being said - if I'm remembering properly - I used this https setup in local development. I'm not sure if the other implementations didn't work because we had some AWS things happening locally or if it's just an interesting coincidence. Either way, thanks for pointing out the AWS detail!
-
vfsoraki over 2 yearsFor some unknown reason, this is the only thing that worked for me.
HTTPS "on"
was the only thing I needed to add, although nginx includes a line likefastcgi_param HTTPS $https if_not_empty
but it did not work as expected, so I had to manually add this and force backend to use HTTPS; -
Sayd Fuad over 2 yearsAnyone reading this, just replace 'RewriteEngine On' with the above code in your.htaccess file
-
Ishaan over 2 yearsThis is a good option, instead of updating any server file.
-
Tarik Manoar over 2 yearsThanks it worked laravel 7 and 8 perfectly thanks again
-
bcag2 about 2 yearsit is not enough in my case (apache proxy -> php/nginx container with laravel 8.x), I have Letsencrypt certificate and virtualhost are ok, I should configure
app/Http/Middleware/TrustProxies.php
to add local IP proxy and it should be present inprotected $middleware
inapp/Http/kernel.php
-
Jacey about 2 yearsWhen I used this my email verifications no longer worked. When clicking the verification link, users would get a 403: Invalid Signature
-
Disapamok almost 2 yearsThis worked for me too. the correct .env config for this is:
APP_ENV=production
-
Rbbn almost 2 yearsThis worked this night!