Im not sure if my question is valid, I have a laravel app, by default I can access it using http protocol,
but due to security reasons, I was instructed to use https instead,
So I was planning to configure my apache and use the default-ssl.conf,
but before I do that, I want to know if changing it to https will it affect my routes?
No, it will not affect your routes.
To make all helpers like route(), url(), action() etc generate HTTPS links change http to https in the .env file:
APP_URL=https://some.app
It MAY affect your routes !
If you are using cloudflare for your ssl certificate, Laravel will not recognise it as a secure url, You will have to specify in your code that you want a secure url
for example for your assets, you may have to use
secure_asset('img/photo.jpg')
Normal SSH and Cpanel
If you are using normal ssh provided by server providers then do not worry,
You just need to change in your environment file.
which is placed in project_root/.env where you can change your APP_URL from http:// to https://
Also you can directly change in config/app.php in 'url' parameter.
cloudflare
Answer of Mathieu Ferre is correct
if you want to use mixed routes in your application you can use some laravel built-in helper methods.
use secure_asset() and url('url',params, true) the last param in url() is for securing route.
EDIT 1
there is also another function secure_url for securing url. If your application is using mixed routes.
Hope this helps.
Thanks
Related
I deployed a Laravel 9 app (with Jetstream/Livewire) to DigitalOcean using their "App" service from GitHub. Deployment was smooth and CI/CD works fine.
When viewing the application in the browser, I noticed that the assets (CSS and JS) are being served with a HTTP URL. None of the modern browsers like this (called "mixed content"). So I configured Vite (/vite.config.js) to compile the assets using HTTPS. Now they work.
However, Laravel itself insists on using HTTP when building URL's within the Blade templates (url() and route()). For instance, on the login page, the login form action is http://mywebsite.com.
I have tried:
Editing AppServiceProvider.php and adding \Illuminate\Support\Facades\URL::forceScheme('https'); to the boot() method
Setting proxies to '*' in TrustProxies middleware
Adding all of the CloudFlare IP's to the proxies property of TrustProxies middleware
Setting APP_URL and ASSET_URL to https://mywebsite.com in .env
Clearing the caches after changing the settings by php artisan optimize:clear
But none of this has helped and the forms (and other URL's) are generated under the HTTP scheme. I am guessing that the reverse proxy setup is confusing Laravel. What are the right Laravel settings to help it play nicely with DigitalOcean App service (which uses Heroku and CloudFlare? for deployment)?
Turns out, forceScheme() should be added as
\URL::forceScheme('https');
and not as
\Illuminate\Support\Facades\URL::forceScheme('https');
Because it lives in the Illuminate\Routing\UrlGenerator class. Some answer in the internets has mislead me... Don't let is mislead you!
I made webpage with Laravel which next I put on private server. After doing that I found out that my links to named routes aren't working.
After online research and talking with server administrator I learned that route() helper in Laravel is using request domain to build links, and that this server will always give me IP address instead of domain and that it is impossible on this server to access anything via IP address, it needs to be via domain.
Because of need to quick dealing with the problem I temporary made custom helper that using route() inside of it and changing IP address in result to app domain (taken from config). It works fine but I can't use third party libraries thanks to that. And I don't like it.
I tought about using middleware on whole app to change that IP address in request on domain but I have no idea (And I couldnt find it in Google) how to do that so route() helper would read it properly. Can you give me any ideas about that?
Thanks in advance.
You can do this little hack if your APP_URL env variable is not working for whatever reason. In your AppServiceProvider boot function add the following:
$this->app->resolving(UrlGenerator::class, function (UrlGenerator $generator) {
$generator->forceRootUrl(env('APP_URL'));
});
This should force a new root url when resolving the url generator.
I am quite new with codeigniter and ion-auth2 package for authentications. right now I have my codeigniter and the ion-auth package, both are merged,database has set upped and looks to have no error. I can access my index.php and default page with no error, but when I want to go to my ion-auth route using it's route like this:
localhost:81/code/index.php/auth
after i press enter.it redirects me to a route like this:
[::1]/code/index.php/auth/login
My problem is why I am getting the IPv6 format after accessing the auth controller.
The page looks like:
that's just your localhost ip, when you deploy your project online it will be something like a ipv4 address, don't worry about it. It's okay and will impact no harm to your project :)
You could update your Apache/Nguni settings to respond to this as well but the easiest solution is probably to set your base_url in your codeigniter config file you “local host” or whatever you’re using for the v4.
How can I have Laravel return a secure at all times with the url() helper function?
I know that I can url('foo', [], true), where the 3rd argument will set it to secure, but because I'm going to use SSL everywhere I don't want to have to specify it each time.
Furthermore, I don't have self-signed certificate locally. I want url() to give an http:// string locally, but https:// on production. Perhaps something I can configure in .env?
I've tried setting up TrustedProxy but it didn't make a difference. How can I go about this?
I'm not asking how to redirect http to https. That adds an extra jump between clicking a link and loading a page. I want url() to always give me https links when on production.
I'm developing an application that will eventually need to be fully HTTPS but I'm temporarily developing locally on HTTP.
If I use URL::to_asset('path', false) locally then I'd have to go and change every instance of that to true when I switch to HTTPS.
At the moment I'm thinking a Config::get('app.https', true) as the second argument would be the easiest way around this but I was wondering whether there's a more system-wide approach for ensuring your assets follow the routes (for example if I had an application that had partial usage of HTTPS routes it would be nice if Laravel automatically worked out whether you're on a HTTPS route and returned the correct asset link).
Or is it possible to get assets to use the "//domain.tld/path/to/something" approach
instead of manually setting it through configs you could use Request::secure() to check, if the request is done over HTTPS.
reference: laravel request information
Set HTTPS 'on' or 'off' in your web server's environment. That should propagate to Laravel, and result in http: or https: URL generation.
It may be worth adding that we run our Laravel apps on Elastic Beanstalk. EB terminates SSL at the Load Balancer, so Laravel "thinks" it's HTTP, when it's not. We use redirects to ensure all traffic is HTTPS from the outside, and set HTTPS=ON in the EB Dashboard settings so that assets aren't subject to redirects.
Tested on Laravel 5x, you can do like this:
asset('path_to_file', \App::environment() == 'production')
If you're in production, it will return true and load the asset via https, while returning false in development, loading via http.
If you are using Laravel 5.3 you can just use the Laravel asset() helper function. It loads assets using the current scheme of the request (HTTP or HTTPS)
You can find more details here