Be part of JetBrains PHPverse 2026 on June 9 – a free online event bringing PHP devs worldwide together.

Ligonsker's avatar

HTTP to HTTPS - via Laravel or the server (nginx)

Hello,

I installed Laravel 9 with Breeze and everything works fine, but I also installed Let's Encrypt free cert but now all the URLs generated by Breeze are HTTP and the browser shows the connection is not secure.

There are a few issues: First, Breeze uses url() helper sometimes.

Second, some POST routes are using HTTP, like the login.

For the first issue - I assume I need to go one-by-one and change every url() to secure_url(). But what about the second issue with POST routes?

Should I add the following to the boot() method in AppServiceProvider?

\URL::forceScheme('https');

Or use nginx to redirect HTTP to HTTPS?

Or there is another way?

Ty

0 likes
5 replies
Sinnbeck's avatar

I recommend using nginx to do the redirect. Then it also works for images, js and css

1 like
krs's avatar

I recommend using nginx too, this is clearly the main job of a webserver (or proxy); if you install letsencrypt with nginx, you will be asked during the installation process if you want to redirect all your traffic to https (or not).

If you choose yes, your nginx-config-file of this site will be updated with an additional server block like this:

server {
  // all your config
  listen 443 ssl https2;
  //...
}

server {
    if ($host = your.host.com) {
        return 301 https://$host$request_uri;
    }
    server_name your.host.com;
    listen 80;
    return 404;
}

Works perfectly fine and you have nothing to worry about anything else...

1 like
Ligonsker's avatar

@krs @sinnbeck thanks

Actually Let's Encrypt did add exactly as you said, @krs, but from some reason it still doesn't redirect all the time.

Perhaps because I have the older proxy_pass block and it interferes with it:

# original server block for WireGuard
server { 
    server_name mydomain www.mydomain ;
    location / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header Host-Real-IP  $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_pass http://10.8.0.22:80;
    }

# added by Let's Encrypt
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mydomain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mydomain /privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.mydomain) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name mydomain www.mydomain;
    listen 80;
    return 404; # managed by Certbot
}
maxowono123's avatar

My site is also not showing https in url please guide me about this.

Sinnbeck's avatar

@maxowono123 Then make your own thread explaning your problem and we will do out best to help.

1 like

Please or to participate in this conversation.