SSL Issue with Laravel on production server using Apache

Posted 9 months ago by UnFukWitAble

Hi, I have Apache 2.46, running on RHEL 7.5 server with an OV SSL certificate configured using AWS.

This a fresh application made using laravel new blog. All I have done is change permissions for storage and bootstrap/cache directories (the proper way) and setup the basic application config (database, env, etc).

My httpd.conf is setup to serve everything from /var/www/html/public/ and my Laravel application is inside /var/www/html/.

I am encountering two issues, which don't seem to be documented anywhere, maybe someone here can help me.

The SSL works on the homepage, works on both HTTP and HTTPS. However, when I visit /home (produced from make:auth) it only works over HTTP. If I visit it from HTTPS it will look like this (see image below).

alt text

How do you go about properly setting up Laravel for HTTPS? I usually add

#<VirtualHost *:80>
#   RewriteEngine On
#   RewriteCond %{HTTP:X-Forwarded-Proto} =https
#   RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

to the httpd.conf, but adding this now creates a too many redirects error. I would like to force HTTPS for all requests. Also for some reason, running Laravel creates 503 errors , haven't been able to find out why.




<IfModule mod_rewrite.c>                                                                                                                                                                                                                           
    <IfModule mod_negotiation.c>                                                                                                                                                                                                                   
        Options -MultiViews -Indexes                                                                                                                                                                                                               
    RewriteEngine On                                                                                                                                                                                                                               
    RewriteBase /                                                                                                                                                                                                                                  
    # Handle Authorization Header                                                                                                                                                                                                                  
    RewriteCond %{HTTP:Authorization} .                                                                                                                                                                                                            
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]                                                                                                                                                                                  
    # Redirect Trailing Slashes If Not A Folder...                                                                                                                                                                                                 
    RewriteCond %{REQUEST_FILENAME} !-d                                                                                                                                                                                                            
    RewriteCond %{REQUEST_URI} (.+)/$                                                                                                                                                                                                              
    RewriteRule ^ %1 [L,R=301]                                                                                                                                                                                                                     
    # Handle Front Controller...                                                                                                                                                                                                                   
    RewriteCond %{REQUEST_FILENAME} !-d                                                                                                                                                                                                            
    RewriteCond %{REQUEST_FILENAME} !-f                                                                                                                                                                                                            
    RewriteRule ^ index.php [L]                                                                                                                                                                                                                    


<Directory />
    AllowOverride none
    Require all denied

DocumentRoot "/var/www/html/public"

<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted

<Directory "/var/www/html/public">
    Options FollowSymLinks
    AllowOverride All
    Require all granted

I am pretty sure this is due to the asset() and route() methods used in resources/views/layouts/app.blade.php but where do I configure if this returns HTTP or HTTPS? I have .env set to use HTTPS?

Please sign in or create an account to participate in this conversation.

Reply to

Use Markdown with GitHub-flavored code blocks.