vnobre's avatar

Using HTTPS with Lumen in Homestead

Hi everyone,

I have a working setup of Lumen with homestead. On my windows hosts file I've added the homestead machine IP address so I can freely access the site via http://abc.app (no need to add ports)

However, I'm doing some integrations with OAuth and several services require a redirect URI that is HTTPS.

I thought https://abc.app would work out of the box, but it doesn't. Do I have to add anything extra to my homestead.yaml ? I've pasted my current homestead.yaml file below...

ip: "192.168.10.10"
memory: 2048
cpus: 1
provider: virtualbox

authorize: C:\Users\MyUsername\.ssh\id_rsa.pub

keys:
    - C:\Users\MyUsername\.ssh\id_rsa

folders:
    - map: D:\Laracode
      to: /home/vagrant/Laracode

sites:
    - map: mycustom.app
      to: /home/vagrant/Laracode/MyCustom/public
    - map: abc.app
      to: /home/vagrant/Laracode/ABC/public

databases:
    - mycustom
    - abc

variables:
    - key: APP_ENV
      value: local

Thank you in advance!

0 likes
4 replies
kfirba's avatar

@vnobre Log in to your VM and look in /etc/nginx/sites-available/abc.app and see if there is a server section which is listening to port 443. It may look something like this:

server {
    listen 443;
    server_name example.dev;
    root "/home/vagrant/code/example/public";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.dev-ssl-error.log error;

    sendfile off;

    client_max_body_size 100m;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    location ~ /\.ht {
        deny all;
   }
    ssl on;
    ssl_certificate     /etc/nginx/ssl/example.dev.crt;
    ssl_certificate_key /etc/nginx/ssl/example.dev.key;
}

replace example.dev with your respective domain name.

1 like
vnobre's avatar

@kfirba Thank you so much for your attention - I checked my abc.app file and I only had "listen 80;" and none of the SSL related lines. I switched to "listen 443;" and added just "ssl on;" in hope it would work, but now I can't access http://abc.app nor https://abc.app - both give me a ERR_CONNECTION_REFUSED on the browser.

I didn't generate an SSL certificate yet, because I was only in the development/exploration stage. Is the certificate absolutely necessary for this to work? (I apologize if this is a dumb question, as I'm very new to server management and SSL).

vnobre's avatar
vnobre
OP
10 years ago
Best Answer
Level 3

Hi again!

Considering that the SSL certificate was a requirement, I googled the whole creation of a self-signed certificate for development purposes.

Here are the steps that worked for me:

1) Follow Steps 1 to 4 of: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-nginx-for-ubuntu-12-04

2) As per @kfirba 's recommendation - SSH into homestead and edit your abc.app file.

sudo vi /etc/nginx/sites-available/abc.app

My first mistake was that I replaced my server { } portion properties with @kfirba 's recommendation. After reading further, I understood that we should have 2 server { } portions, one that listens to port 80 and one that listens to port 443 and has SSL enabled:

server {
    listen 80;
    server_name abc.app;
    root "/home/vagrant/code/abc/public";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.dev-ssl-error.log error;

    sendfile off;

    client_max_body_size 100m;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    location ~ /\.ht {
        deny all;
   }
}
server {
    listen 443;
    server_name abc.app;
    root "/home/vagrant/code/abc/public";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.dev-ssl-error.log error;

    sendfile off;

    client_max_body_size 100m;
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
    }

    location ~ /\.ht {
        deny all;
   }
    ssl on;
    ssl_certificate /etc/nginx/ssl/server.crt;
    ssl_certificate_key /etc/nginx/ssl/server.key;
}

After saving changes, exit > homestead halt > homestead up and I was personally good to go!

bashy's avatar

Just a note to you and others - you should use listen 443 ssl; and not ssl on; separately.

1 like

Please or to participate in this conversation.