Laravel behind an SSL proxy

I have a Laravel 9 app behind an Azure App Gateway/WAF. This device strips off the SSL and presents port 80 traffic to the web servers. There are several problems.

My traffic arrives on the first (login) page, but the login form is rendered with http:// which comes from the url() helper function. I fixed that with advice from a Stack Overflow article which suggested adding:

        resolve(\Illuminate\Routing\UrlGenerator::class)->forceScheme('https');

in the Boot method of the Route Service Provider. I did that, and the URLs are now coming out as https://. All good, I thought.

Now, my post to https://..../signin is 404.

I thought of replacing all my calls to url() with secure_url(). Is there a better way?

LaryAI

3 years ago

Level 58

One solution to this problem is to update the AppServiceProvider to check if the request is secure and set the URL scheme accordingly. Here's an example:

use Illuminate\Support\Facades\URL;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        if ($this->app->environment('production')) {
            URL::forceScheme('https');
        }
    }
}

This will force the URL scheme to be https in production environments. Additionally, you can use the secure_url() helper function to generate secure URLs throughout your application.

Snapey

3 years ago

Best Answer

Level 122

Look at the documentation around trusted proxies

https://laravel.com/docs/10.x/requests#configuring-trusted-proxies

This is what you need, not forcing the scheme whackamole

2 likes

edgreenberg

3 years ago

Level 1

@snapey Thanks for the correct answer. Works like a champ.

Please or to participate in this conversation.