Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

jhauraw's avatar

Tip: How to enable SSL in Homestead 2.0

I got this up and running today, thought I'd share:

http://www.laravel-tricks.com/tricks/ssl-in-laravel-homestead-20

Plenty of room for improvement, so please add your ideas. For example, generating the ssl certs in the loop, instead of including them.

0 likes
12 replies
jhauraw's avatar

I've updated the trick, as I added an important comment, plus there was an error.

  1. Comment: I added a note about commenting out the global ssl on; directive in nginx.conf. Commenting it out lets you access your servers via regular http on port 8000 and/or https on 44300. If you leave it uncommented, you can only access hosts via https on 44300.

  2. In after.sh change the hash-bang to #!/usr/bin/env bash so the array doesn't throw an error.

  3. Error: I forgot to add ssl to the end the listen 443; directive in the individual server {} block. So that sed line should have listen 443 ssl; (instead of listen 443;). Please update your code.

keyur's avatar

thanks for this!

1) I am not able to get port 44300 to forward properly for some reason. When I access

https://www.mysite.local::44300

from my local browser, it times out with an error.

When I test out via ssh on homestead, using

https://www.mysite.local

it works fine.

So something seems wrong with my port forwarding from my local machine to homestead.

I added the line below, to my script.rb for homestead provisioning and reloaded.

config.vm.network "forwarded_port", guest: 443, host: 44300

(I am on homestead 1.6)

2) also, how do you change your code so it will reference the new port 44300 during development? I added https to my routes for each route that needs it, but I believe it will simply go to the url with http changed to https, as:

https://www.mysite.local:8000

unless I make a change somewhere.

Thank you.

jhauraw's avatar

@keyur: the code I posted will only work with Homestead 2.0. You will need to update to use it.

ivanv's avatar

I'm not sure where to contribute, so i'll just post it here... I hope that's ok... I've merged the after.sh for Homestead 2.0 with a script I digged up on the web earlier, for Homestead 1.0. The only thing I added is that the SSL certs are auto generated, one for each domain in the array. It would be cool if the domains could be plucked from the Homestead.yaml, but I'm not sure how that would work.

#!/usr/bin/env bash

# Populate this array with each of your dev site hostnames.
sites_hosts=( r3v.dev ) # array, e.g., www.example.dev

# Config for SSL.
SSL_DIR="/etc/nginx/ssl"
PASSPHRASE="secret"
SUBJ="
C=BE
ST=SomeState
O=SomeCompany
localityName=SomeCity
commonName=*.$DOMAIN
organizationalUnitName=HQ
emailAddress=some@email.com
"

echo "--- Making SSL Directory ---"
sudo mkdir -p "$SSL_DIR"

for i in "${sites_hosts[@]}"
do
    echo "--- Copying $i SSL crt and key ---"

    DOMAIN=$i

    sudo openssl genrsa -out "$SSL_DIR/$DOMAIN.key" 1024 >/dev/null 2>&1
    sudo openssl req -new -subj "$(echo -n "$SUBJ" | tr "\n" "/")" -key "$SSL_DIR/$DOMAIN.key" -out "$SSL_DIR/$DOMAIN.csr" -passin pass:$PASSPHRASE >/dev/null 2>&1
    sudo openssl x509 -req -days 365 -in "$SSL_DIR/$DOMAIN.csr" -signkey "$SSL_DIR/$DOMAIN.key" -out "$SSL_DIR/$DOMAIN.crt" >/dev/null 2>&1

    # Comment out this line if you prefer ssl on a per
    # server basis, rather for all sites on the vm.
    # If commented out you can access hosts on http
    # port 8000, and https port 44300. If uncommented,
    # you can ONLY access hosts via https on port 44300.
    #echo "--- Turning SSL on in nginx.conf. ---"
    #sed -i "/sendfile on;/a \\        ssl on;" /etc/nginx/nginx.conf

    echo "--- Inserting SSL directives into site's server file. ---"
    sed -i "/listen 80;/a \\\n    listen 443 ssl;\n    ssl_certificate /etc/nginx/ssl/$i.crt;\n    ssl_certificate_key /etc/nginx/ssl/$i.key;\n\n" /etc/nginx/sites-available/$i

done
echo "--- Restarting Serivces ---"
service nginx restart
service php5-fpm restart
1 like
aaronwaldon's avatar

The code by ivanv works great. Just be sure to replace the ampersand entity with an actual ampersand (get rid or the "amp;" after it), because it looks like the commenting system changed that. Other that little change, it seems to be working splendidly. Thanks ivanv!

stueynet's avatar

Does this still work for anyone? I cannot get this up and running at all. Ruins my nginx configuration files and when I manually fix them, the certificate is still no good. Running latest Homestead with php7.

alexagui's avatar

Sorry to bump an old thread.

But what's the current best method to enable SSL on Homestead?

ivanv's avatar

haven't used homestead a long while... but the docs say:

By default, the following ports are forwarded to your Homestead environment:

...
HTTP: 8000 → Forwards To 80
HTTPS: 44300 → Forwards To 443
...

So maybe it is enabled by default on that port now? I don't have it installed, so I can't verify it... but it might be worth a try.

impbob36's avatar

Yeah, seems to be enable by default. Although, I'd wish it would automatically redirect http -> https

1 like

Please or to participate in this conversation.