I have implemented SSL in dev, test and prod environments.
I had to change some blade function to secure_asset() and secure_url for preventing Chrome to block content.
But know I have many issues in my local environment due to the changes I explained before.
Which is the way to work with SSL on server environments but not in local?
Regards
Add the follwing snipped to the register() method of one of your service providers and use the asset() helper instead of the secure_asset(). This way URLs will be forced to have the https scheme on environments which are not local but local environments will keep working with the unsecure http scheme.
public function register()
{
if (config('app.env') !== 'local') {
\URL::forceScheme('https');
}
}
function generate_asset_url($string)
{
if (in_array(env('APP_ENV'), ['local', 'dev'])) {
return asset($string);
}
return secure_asset($string);
}
Related
I have a 'Event_Model'. I used it on a controller. I called it as
$this->load->model('Event_model','eventM')
I wrote the code with phpstorm on Window but it is running on a linux VM.
It worked on a local server. I got an error when I had uploaded on a linux production server though.
Why did it happen?
I don't understand how my local server could read it
use COMMON\Models\Event\Event_Comm_Model as Common_Event_Model;
class Event_Model extends Common_Event_Model {
public function __construct() {
parent::__construct();
}
}
The model is like this.
Linux servers and hosted sites are very sensitive to file names. Make sure you respect the case sensitivity.
This can work on your local machine
$this->load->model('Event_model','eventM')
but for a hosted server use instead
$this->load->model('Event_Model','eventM')
I'm coding a platform to generate sub-websites.
I have a route like this who works very well in local :
//Website
Route::domain('{slug}.domain.test')->group(function () {
Route::get('/','WebsitesController#show')->name('web_website_show');
});
I want to be able to make it works as well in production (other domain), so i did :
//Website
Route::domain('{slug}.{domain}')->group(function () {
Route::get('/','WebsitesController#show')->name('web_website_show');
});
And in my template :
Website
The generated URL looks amazing, but the routing doesn't work and bring me to the parent page of the main domain.
What i am doing wrong ?
Thanks
Working with domain routes like this is a little bit of a pain in Laravel.
In an application recently, I parsed the domain part from the application URL and then set it as a configuration value like this:
class AppServiceProvider extends ServiceProvider
{
public function boot()
{
config([
'app.domain' => parse_url(config('app.url'), PHP_URL_HOST),
]);
}
}
You can then use that in your domain routes:
Route::domain('{slug}.'.config('app.domain'), function () {
// Subdomain routes that work in all environments
});
If you are using laravel homestead, you'll need to register every subdomain on the etc/hosts file and on Homestead.yaml, as you probably did with the main domain. Now, I'll recommend the structure:
app.test
subdomain1.app.test
subdomain2.app.test
I wouldn't recommend to use something like:
subdomain1.app1.test
subdomain2.app2.test
I mean, you could, but it doesn't make much sense, and you would also have to register all of this on your Homestead/Local and Production environments.
For the approach that I suggest, you could set up this on an environment variable. https://laravel.com/docs/6.x/configuration#environment-variable-types
You can add any env variable you want/need to the .env file, there's an APP_URL variable, but this includes the http protocol, you could add something like:
APP_DOMAIN=app.test
And for production
APP_DOMAIN=yourapp.com
Then on the routes file access it with the helper method env, you can omit the second parameter, or use it to setup a default value, in case you forget to put it on the .env file.
Route::domain('{slug}.' . env('APP_DOMAIN', 'default.com'))->group(function () {
Route::get('/','WebsitesController#show')->name('web_website_show');
});
BTW, this might be of help for setting up your slug value with named routes:
Setting up named routes within a subdomain group in Laravel 5.7
I've been looking into Laravel Telescope and it mentioned the ability of being able to run only in one's local environment as opposed to production by including the following code snippet in AppServiceProvider.
public function register()
{
if ($this->app->isLocal()) {
$this->app->register(TelescopeServiceProvider::class);
}
}
This works fine but I am trying to figure out what exactly the isLocal() method does. So far, I have not been able to find much information.
Thanks,
In your .env file you would have a APP_ENV set to local on your development environment and it will be different on other servers. So isLocal just checks if that is set to local or not.
Here is the answer from the repository.
To check for a different env other than local or production use this helper function:
config('app.env') // get the env
for production there is a isProduction() helper function on the app instance.
My server uses SSL and thus all my routes/urls use https. I recently discovered a bug in Laravel 5.7 which was exposed when trying to use Email Verification, which does not work on a server with https. I wont go into the specifics of that problem as I have another question for that. I want to keep this simple.
I have the following settings in my .env file:
APP_USE_HTTPS=true
APP_URL=https://www.example.com
APP_ENV=production
And I have the following in the boot() method of the AppServiceProvider
if (env('APP_USE_HTTPS')) {
Log::info('AppServiceProvider: forcing URLs to use https');
URL::forceScheme('https');
}
And it may be overkill but to try to resolve the issue I also put the following code at the top of my web.php routes file"
if (env('APP_USE_HTTPS')) {
Log::info('Routes: forcing URLs to use https');
URL::forceScheme('https');
}
Route::get('/', 'PublicController#getHome');
Route::get('home', 'PublicController#getHome');
Then in my PublicController.getHome() method I put this code:
public function getHome()
{
$currentPath= Request::fullUrl();
Log::info($currentPath);
return view('public.home');
}
Now I go to my browser and enter this in the address bar:
https://www.example.com
And I get this in my log file:
AppServiceProvider: forcing URLs to use https
Routes: forcing URLs to use https
http://www.example.com
So as you can see from the last log message the fact that laravel always uses http instead of https is beginning to create issues. Starting with signed routes. I am trying to use the built-in Email Verification but the signature is being generated using https route and the email sent to user does have https in the url for going back to the same server. However the validation for the route is using http (even though https was used) so it generates a different signature and thus all verifications links fail with a 403 error.
Is there anything I am missing? I can't seem to find code that shows me how Laravel knows to use https or http or is it just hard coded for http?
Thanks for any help you can give me.
*** Update to show problem with Shaielndra Gupta answer ****
After implementing the middleware below is the code I used but as you will see the core problem exists in ALL methods dealing with url. So for example:
$request->secure()
returns false even when https was used. Then by calling:
redirect()->secure($request->getRequestUri());
does no good because that will cause the route to loop back into this method again which still returns false for secure(), basically creating an infinite loop (or infinite too many redirects)
class ForceHttpsProtocol {
public function handle($request, Closure $next) {
Log::info('request uri: '.$request->fullUrl());
Log::info('secure: '.($request->secure() ? 'yes' : 'no'));
if (!$request->secure() && env('APP_USE_HTTPS')) {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
The log from the above code will produce the following when you make 1 attempt to go to any page even when using https://www.example.com
request uri: http://www.example.com
secure: no
request uri: http://www.example.com
secure: no
request uri: http://www.example.com
secure: no
request uri: http://www.example.com
secure: no
< over and over till page times out >
After much research I finally discovered what the issue is.
My live server is installed on an Amazon EC2 server which is behind a Load Balancer.
The load balancer is receiving the (https) request and handling all the SSL requirements and then forwarding the request to my website as http.
To fix this issue I had to install the fideloper/TrustedProxy package. This package allows my site to trust the proxy and get the valid headers for the request so it now knows the request was actually sent using https.
Laravel wrote an article which describes my condition exactly.
https://laravel-news.com/trusted-proxy
This is the package I installed:
https://github.com/fideloper/TrustedProxy
change in your config/session.php
'http_only' => true,
change it to
'http_only' => false,
or make a middlewere HttpsProtocol.php
namespace MyApp\Http\Middleware;
use Closure;
use Illuminate\Support\Facades\App;
class HttpsProtocol {
public function handle($request, Closure $next)
{
if (!$request->secure() && App::environment() === 'production')
{
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
}
Then, apply this middleware to every request adding setting the rule at Kernel.php file in protected $routeMiddleware array,
'https'=>App\Http\Middleware\HttpsProtocol::class
change This
APP_USE_HTTPS=true
APP_URL=https://www.example.com
to this
APP_URL=http://www.example.com
APP_USE_HTTPS=false
Because Laravel uses APP_URL to generate urls.
I am having quite a strange problem. I have just pushed my local build to our staging server. I have a custom module with custom controllers which, when accessed locally, work perfectly fine. However, when I attempt to access ONE SPECIFIC controller on staging, it throws a 500 server error. All of the other controllers I wrote work except for this custom IndexController.php I wrote. Again, everything works 100% on my local build. I have triple checked all of my .htaccess files, but maybe I’m missing something.
The strangest part of all of this is that it was working on staging two days ago! I have no idea what is causing this.
Does anyone have any suggestions on how I might go about troubleshooting this? Or, by chance, a solution?
1: Clear your cache AND sessions .
2: Check if your module is installed using the free/open-source Module List Module
3 Drop some debugging code in the following method. The var_dumps will tell you which files/classes Magento's routers are looking for with your module, but can't find.
File: app/code/core/Mage/Core/Controller/Varien/Router/Standard.php
protected function _validateControllerClassName($realModule, $controller)
{
$controllerFileName = $this->getControllerFileName($realModule, $controller);
if (!$this->validateControllerFileName($controllerFileName)) {
var_dump($controllerFileName);
return false;
}
$controllerClassName = $this->getControllerClassName($realModule, $controller);
if (!$controllerClassName) {
var_dump($controllerFileName);
return false;
}
// include controller file if needed
if (!$this->_includeControllerClass($controllerFileName, $controllerClassName)) {
var_dump($controllerFileName);
return false;
}
return $controllerClassName;
}