Laravel SSL - How to

Submitted by lwinmaungmaung on Wed, 08/07/2019 - 08:56
Image by Kranich17 from Pixabay

Laravel is one of the most famous PHP Frameworks around the development corner. SSL is also arising technology which is really famous to use with a web server. So, one problem arises, your web apps will stop working on the SSL production server. That's why Laravel SSL is required to use together.

There are two ways to work around to solve the problem. I chose the server configuration method to solve the problem.

Why Server in Laravel SSL

Solving using the app-level may be good, but I'm feeling that it is not good enough to make that thing working. My requirements are two things: firstly redirect all the traffics to SSL and forwards to www from the naked domain name.

For example, all users entering with http://example.com or https://example.com to https://www.example.com/ and http://example.com and http://www.example.com to https://www.example.com to make more suitable option because this is more convenient for SEO option.

My Configuration is using NGINX and we have to configure the following in the directory:

server{

      listen 80;

      listen 443 default ssl http2;

      if ($host !~* ^www\.) {

            rewrite ^(.*)$ https://www.lovelyfamilymm.com$1 permanent; #1

      }

      if ( $https != "on" ) {

                return 301 https://www.lovelyfamilymm.com$uri;

      }

        error_page 404 /index.php;

        location / {

                index index.html index.htm index.php;

                try_files $uri $uri/ /index.php?$args;

        }

}

So with this configuration, the domain names will be forwarded to the URL with www, even if there is not SSL or with SSL. 

Laravel SSL: Pros and Cons

The advantages of SSL using the server control method instead of working with app-level is Laravel will process plain and working with SSL in a native manner. There will be no requirement for working with a staging environment or a full production environment. 

The downside is the server level working method will bring you bad things, for example, if you use the image with assets methods, the images are not encrypted with SSL and may lead to serving via the HTTP protocol, allowing attackers to stay man-in-the-middle attack.

You can watch more about File storage management: check it here.

Category