SSL Issue with Laravel on production server using Apache

Posted 7 months ago by UnFukWitAble

Hi, I have Apache 2.46, running on RHEL 7.5 server with an OV SSL certificate configured using AWS.

This a fresh application made using laravel new blog. All I have done is change permissions for storage and bootstrap/cache directories (the proper way) and setup the basic application config (database, env, etc).

My httpd.conf is setup to serve everything from /var/www/html/public/ and my Laravel application is inside /var/www/html/.

I am encountering two issues, which don't seem to be documented anywhere, maybe someone here can help me.

The SSL works on the homepage, works on both HTTP and HTTPS. However, when I visit /home (produced from make:auth) it only works over HTTP. If I visit it from HTTPS it will look like this (see image below).

alt text

How do you go about properly setting up Laravel for HTTPS? I usually add

#<VirtualHost *:80>
#   RewriteEngine On
#   RewriteCond %{HTTP:X-Forwarded-Proto} =https
#   RewriteRule .* https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]

to the httpd.conf, but adding this now creates a too many redirects error. I would like to force HTTPS for all requests. Also for some reason, running Laravel creates 503 errors , haven't been able to find out why.




<IfModule mod_rewrite.c>                                                                                                                                                                                                                           
    <IfModule mod_negotiation.c>                                                                                                                                                                                                                   
        Options -MultiViews -Indexes                                                                                                                                                                                                               
    RewriteEngine On                                                                                                                                                                                                                               
    RewriteBase /                                                                                                                                                                                                                                  
    # Handle Authorization Header                                                                                                                                                                                                                  
    RewriteCond %{HTTP:Authorization} .                                                                                                                                                                                                            
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]                                                                                                                                                                                  
    # Redirect Trailing Slashes If Not A Folder...                                                                                                                                                                                                 
    RewriteCond %{REQUEST_FILENAME} !-d                                                                                                                                                                                                            
    RewriteCond %{REQUEST_URI} (.+)/$                                                                                                                                                                                                              
    RewriteRule ^ %1 [L,R=301]                                                                                                                                                                                                                     
    # Handle Front Controller...                                                                                                                                                                                                                   
    RewriteCond %{REQUEST_FILENAME} !-d                                                                                                                                                                                                            
    RewriteCond %{REQUEST_FILENAME} !-f                                                                                                                                                                                                            
    RewriteRule ^ index.php [L]                                                                                                                                                                                                                    


<Directory />
    AllowOverride none
    Require all denied

DocumentRoot "/var/www/html/public"

<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted

<Directory "/var/www/html/public">
    Options FollowSymLinks
    AllowOverride All
    Require all granted

I am pretty sure this is due to the asset() and route() methods used in resources/views/layouts/app.blade.php but where do I configure if this returns HTTP or HTTPS? I have .env set to use HTTPS?

Please sign in or create an account to participate in this conversation.

Laracasts Mascot

Hi, Have We Met Yet?

Did you know that, in addition to the forum, Laracasts includes well over 1000 lessons on modern web development? All for the price of one lunch out per month.

Sign Me Up


Reply to

Use Markdown with GitHub-flavored code blocks.