Laravel: how to force HTTPS?


Solution 1

You need to add this to your .htaccess file:

RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/$1 [R,L]

See this: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file

Solution 2

Try adding this code in your .htaccess file.

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Solution 3

When you want to render all URLs with https, the simplest method is to use the code below in the boot() function of app/Providers/AppServiceProvider.php:

\URL::forceScheme('https');

Solution 4

Change your domain in .htaccess by:

RewriteCond %{HTTP_HOST} mydomain.com [NC]

RewriteRule ^(.*)$ https://mydomain/$1 [R,L]

<IfModule mod_rewrite.c>
  <IfModule mod_negotiation.c>
      Options -MultiViews
  </IfModule>

  RewriteEngine On

  # Added to Force HTTPS
  RewriteCond %{HTTP_HOST} mydomain\.com [NC]
  RewriteCond %{SERVER_PORT} 80
  RewriteRule ^(.*)$ https://mydomain/$1 [R,L]

  # Redirect Trailing Slashes If Not A Folder...
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)/$ /$1 [L,R=301]

  # Handle Front Controller...
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteRule ^ index.php [L]

  # Handle Authorization Header
  RewriteCond %{HTTP:Authorization} .
  RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

Solution 5

Add this to the boot method in AppServiceProvider

if($this->app->environment('production'))
{
   $this->app['request']->server->set('HTTPS','on');
}
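
Solutions 3 and 5 act inside the application: `URL::forceScheme('https')` changes only the scheme of the URLs Laravel generates, so a request that arrives over plain HTTP is still served. The middleware below is an added example (not code from the original answers) that performs the redirect in Laravel itself; the class name `ForceHttps` and the HSTS max-age are assumptions.

```php
<?php
// Added example: app/Http/Middleware/ForceHttps.php (hypothetical class name).

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

class ForceHttps
{
    // Assumed value (one year). Send HSTS only once every host serves HTTPS.
    private const HSTS = 'max-age=31536000';

    public function handle(Request $request, Closure $next)
    {
        // Leave local and testing environments on plain HTTP.
        if (! app()->environment('production')) {
            return $next($request);
        }

        // secure() reflects the client's real scheme only when TLS ends on
        // this server, or when the TLS-terminating proxy is configured as
        // trusted (TrustProxies middleware, which must run before this one).
        // Otherwise every request looks insecure and this branch loops.
        if (! $request->secure()) {
            // Permanent redirect to the same host and path, query string kept.
            return redirect()->secure($request->getRequestUri(), 301);
        }

        // Request already arrived over HTTPS: handle it and add HSTS.
        $response = $next($request);
        $response->headers->set('Strict-Transport-Security', self::HSTS);

        return $response;
    }
}

// Registration (Laravel 5 layout): add the class to the global stack in
// app/Http/Kernel.php:
//
//     protected $middleware = [
//         // ... existing entries ...
//         \App\Http\Middleware\ForceHttps::class,
//     ];
```
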
Author by

realtebo

italian programmer with a lot of experience in - php [Laravel, Yii Framework] - sql - .NET (C# and VB) - javascript [VueJs, jQuery] Base knowledge of Android and Windows Apps developing

Updated on July 07, 2021

Comments

  • realtebo
    realtebo almost 3 years

    I'm starting to develop a new big app, and I'm using Laravel this time, and it's the first time.

    I need to force HTTPS for all pages, it's not important if from code or by .htaccess, but I'm not able to find a simple tutorial.

    The official docs don't speak about this problem.

    For info, my actual .htaccess is

    <IfModule mod_rewrite.c>
        <IfModule mod_negotiation.c>
            Options -MultiViews
        </IfModule>
    
        RewriteEngine On
    
        # Redirect Trailing Slashes If Not A Folder...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule ^(.*)/$ /$1 [L,R=301]
    
        # Handle Front Controller...
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^ index.php [L]
    
        # Handle Authorization Header
        RewriteCond %{HTTP:Authorization} .
        RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
    </IfModule>
    

    My question is specific to Laravel 5, because I've no idea where and how to modify this .htaccess file. I'm also asking you whether this is the right way for Laravel, or whether Laravel has something specific to set up to handle HTTPS.

    So please do not close my question and try to be more adherent to the Laravel specific topic.

    If you can post a simple way to modify this file AND/OR What to modify in Laravel config to properly handle https.

    But in short yes, I want to force every call to transit on HTTPS.

  • realtebo
    realtebo almost 7 years
    Sorry but I want something specific for Laravel setup.
  • realtebo
    realtebo almost 7 years
    Where? And doesn't Laravel need some specific config?
  • realtebo
    realtebo almost 7 years
    Where? And does Laravel need some specific config?
  • Bhaumik Pandhi
    Bhaumik Pandhi almost 7 years
    You need to add it in the .htaccess file; no, Laravel doesn't need specific config.
  • realtebo
    realtebo almost 7 years
    With "Where?" I mean: at which point of my .htaccess? And also, is your code better, or the one from the answer of Pandhi Bhaumik?
  • realtebo
    realtebo almost 7 years
    Also: is your code better, or the code from the answer of Mortada Jafar?
  • Mortada Jafar
    Mortada Jafar almost 7 years
    @realtebo before last tag it's mean : (</IfModule>) and I used this code for my site
  • Magige Daniel
    Magige Daniel about 6 years
    Great answer! sorted me like a charm
  • Frank Yucheng Gu
    Frank Yucheng Gu about 4 years
    What exactly are you trying to fix/achieve? What is this configuration for?
  • MrWhite
    MrWhite over 3 years
    The last RewriteRule directive is malformed and cannot possibly work as intended (it will trigger a 500 error due to incorrect flags). The directives are also in the wrong order.
  • MrWhite
    MrWhite over 3 years
    You would only use these directives if you are behind an SSL proxy - this is not mentioned in the question.
  • MrWhite
    MrWhite over 3 years
    "before last tag it's mean : (</IfModule>)" - This is incorrect. If you put this rule at the end, "before the last tag", it will only get processed for requests to static resources. Your URLs that get routed through Laravel won't be redirected. This rule needs to go near the top of the file (logically, after the RewriteEngine On directive).
  • MrWhite
    MrWhite over 3 years
    @realtebo This is arguably the better solution, although you probably won't notice any difference, except that the other code uses a 302 (temporary) redirect, as opposed to a 301 (permanent) redirect. An HTTP to HTTPS redirect should be a 301. This code uses a more efficient regex and does not rely on a capturing backreference to the RewriteRule pattern, so will work without alteration in more situations (other directories, server config, etc.). It also redirects to the same hostname - a requirement if implementing HSTS - but could result in an unnecessary additional redirect if not.
  • trainoasis
    trainoasis about 3 years
    This does not force https, one can still visit on http:// ...
  • trainoasis
    trainoasis about 3 years
    Nothing changed when this was added.. (laravel 8)
  • shazim ali
    shazim ali over 2 years
    Does not work for me
  • Amitesh Bharti
    Amitesh Bharti over 2 years
    @shazimali in the latest version this may have changed, try this robindirksen.com/blog/…