Level 65
Why not just do this at web server level?
You can redirect to HTTPS or HTTP, here's an example: https://bashy.im/blog/nginx-redirect-to-https-with-without-www-subdomain
May 14, 2015
11
Level 1
From lowly HTTP to master HTTPS
I've been enjoying my Laravel development recently and I've finally managed to create my first full web app. I've been testing it on a production server, using Forge and Digital ocean, and things are working great.
I now want to switch to HTTPS from HTTP, and I created a Middleware called SecureRequests that forces all non http requests to become https request like so:
SecureRequest.php
public function handle($request, Closure $next)
{
if (!$request->secure() && !\App::isLocal()) {
return redirect()->secure($request->getRequestUri());
}
return $next($request);
}
I've also applied it to all requests, via the kernel, and again - it works well. However, when I push to production, I can't access my site anymore (I believe due to not having a SSL certificate).
Is there an easy way to do this via forge?
Level 1
Hi bashy,
I'm on the verge of solving it - however, do you know if forge uses openssl?
Level 65
Forge isn't a server, it's a tool to manage the sites on your server. If you want openssl, install it. Otherwise you can check with
openssl version
Level 1
It's worth getting intimately familiar with SSL certificates if you're running your own server. You can buy a real certificate from ssls.com for a few dollars. Also be sure to use https://www.ssllabs.com/ssltest/ to run tests against your site to make sure it's not vulnerable to particular security holes.
1 like
Level 65
If you want to be secure, use CloudFlare. They provide FREE wildcard SSL certificates for your domains.
Can do a test on https://www.ssllabs.com/ssltest
Level 9
I used CloudFlare for a while and ditched it for some reason, I cannot recall exactly why at this minute. I believe there was an issue of an HTTP redirect loop that I did not have the time nor patience to figure out - may return to it later.
When I added my SSL via Forge, Digital Ocean droplet, I believe the site redirected to HTTPS by default on its own. As @opb suggested, SSLS.com is a great resource for purchasing certificates. Great deals and their customer support is outstanding, extremely patient with me when I was a complete SSL noob.
Level 65
@opheliadesign Redirect loop was probably because it wasn't listening for the right request. I had a script once that didn't have the right params for reading if it was HTTPS or not and CloudFlare doesn't pass the same request as a normal visitor so that could be why.
1 like
Level 1
Hi, thanks for the help bashy, however I get a ERR_CONNECTION_REFUSED (I think my server isn't listening at port 443). My nginx config:
server {
listen 80;
server_name yourstudynotes.com;
return 301 https://yourstudynotes.com$request_uri;
}
server {
listen 443 ssl;
server_name yourstudynotes.com;
root /home/forge/yourstudynotes.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/yourstudynotes.com/8099/server.crt;
ssl_certificate_key /etc/nginx/ssl/yourstudynotes.com/8099/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/yourstudynotes.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Level 65
Connection refused means there's no service listening on that port. You can check on the server with
netstat -lpn | grep "443"
Level 19
Forge opens port 443 by default. Look on the network tab on the server under Active Firewall Rules.
Level 1
Thanks Bashy, turns out my server's key was installed incorrectly. Works perfectly second time round.
Please or to participate in this conversation.