2/1/2018 - 5:14 PM

Implement ssl on laravel

Implement ssl on laravel

Working on my first Laravel 5 project and not sure where or how to place logic to force HTTPS on my app. The clincher here is that there are many domains pointing to the app and only two out of three use SSL (the third is a fallback domain, long story). So I'd like to handle this in my app's logic rather than .htaccess.

In Laravel 4.2 I accomplished the redirect with this code, located in filters.php:

    if( ! Request::secure())
        return Redirect::secure(Request::path());

I'm thinking Middleware is where something like this should be implemented but I cannot quite figure this out using it.



If you are using Cloudflare like I am, this is accomplished by adding a new Page Rule in your control panel.

You can make it works with a Middleware class. Let me give you an idea.

namespace MyApp\Http\Middleware;

use Closure;

class HttpsProtocol {

    public function handle($request, Closure $next)
            if (!$request->secure() && env('APP_ENV') === 'prod') {
                return redirect()->secure($request->getRequestUri());

            return $next($request); 

Then, apply this middleware to every request adding setting the rule at Kernel.php file, like so:

protected $middleware = [

    // appending custom middleware 


At sample above, the middleware will redirect every request to https if:

    The current request comes with no secure protocol (http)
    If your environment is equals to prod. So, just adjust the settings according to your preferences.


I am using this code in production environment with a WildCard SSL and the code works correctly. If I remove && env('APP_ENV') === 'prod' and test it in localhost, the redirection also works. So, having or not a installed SSL is not the problem. Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol.
Edit 23/03/2015

Thanks to @Adam Link's suggestion: it is likely caused by the headers that Cloudflare is passing. CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request. You need add another line in your Middleware that say...

$request->setTrustedProxies( [ $request->getClientIp() ] ); trust the headers CloudFlare is sending. This will stop the redirect loop
Edit 27/09/2016 - Laravel v5.3

Just need to add the middleware class into web group in kernel.php file:

protected $middlewareGroups = [
    'web' => [

        // here


    Remember that web group is applied to every route by default, so you do not need to set web explicitly in routes nor controllers.

down vote

I have a shared hosting with OVH(France) and i have the "Let's Encrypt" certificate for my domain.

however, i looked everywhere for redirecting all requests from HTTP to HTTPS in laravel 5.4

i have found a solution with ".htacces redirecting" but i often have "TOO_MANY_REDIRECT" errors on browsers specially Google Chrome.

Anyone have an idea for redirecting all PS : i don't have "sudo" rights on my shared hosting server (just user access with ssh)


Without modify the .htaccess file, you can force the https protocol in your Laravel application adding:

function boot() {
     ... your code

In your AppServiceProvider.php.

down vote

in addition to @Troyer answer, i added the code below to my .htacces

RewriteEngine on

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^{REQUEST_URI} [NE,L,R]

and now all request to HTTP are redirected to HTTPS without the "TOO_MANY_REDIRECT" errors thank you very much guys for your answers best regards,