
I want to ask about HTTP-to-HTTPS redirections. As we know, WWW-to-non-WWW redirections happen by redirecting from the web server side. But when it comes to HTTPS redirection, it can be done both ways: server-side (Nginx etc.) and application-side (middleware). I want to know:

  1. Which of the ways is more effective and performs better?
  2. The pros and cons of each way, considering multiple top-level domains and subdomains on the same server.

Thank you.

Reference:

  1. Redirect WWW to non-WWW in Laravel - Stack Overflow
  2. Redirect HTTP to HTTPS in Laravel - Stack Overflow
  3. HTTP Request To HTTPS on nginx - nixCraft
Abdalla Arbab

1 Answer

Server-based redirection here should be more performant because it happens before any application code gets loaded.

Personally, I always do this in the nginx server{} block for all sites. I create a conf file for a domain and have 2 server{} blocks, a main one listening on 443 for HTTPS traffic, and a small one that just recognises the (sub)domain and does a redirect to the HTTPS protocol.

Here's an example redirect server{} block I have for a particular subdomain:

```nginx
server {
    server_tokens off;
    listen 80;
    server_name sub.domain.com;
    return 301 https://sub.domain.com$request_uri;
}
```

As for pros and cons for server-based, the obvious ones I would say are:

Pros

  • Performance
  • Simplicity

Cons

  • Root access required (for nginx at least; with Apache you could do it in a .htaccess file, but this in itself has performance costs)
  • Can't change things on the fly so easily (flexibility?)
Ian.H
  • Great answer. But one question: if I am doing the redirection on the server side, do I need to change anything in my Laravel project (ignoring the third-party packages that I installed) other than changing the `APP_URL` environment variable? Will the app change all my routes and URLs to HTTPS automatically? – Abdalla Arbab Mar 27 '19 at 16:00
  • As long as you're not using complete paths for routes/assets (images/css/js etc.) and just using URI paths, e.g. `/path/to/something`, then other than `APP_URL` as you note, nothing should need to change (I develop under HTTP but production is always HTTPS). In regard to assets, _if_ you have specified the (sub)domain of them too, you can just remove the protocol, for example: `` This will then use the current protocol (HTTP or HTTPS, whatever the site's being accessed as) and load accordingly – Ian.H Mar 27 '19 at 21:05
  • Perfect. I will wait to check if someone else is willing to answer. If I don't get anything, yours will be accepted. Thanks very much for the complete answer. – Abdalla Arbab Mar 27 '19 at 22:25
  • Now, this answer looks more than perfect for me. Thanks. – Abdalla Arbab Mar 29 '19 at 14:02
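
One way to carry the answer's per-subdomain redirect block over to several domains and subdomains on one server, as an added example that is not part of the original answer. The names `example.com` and `example.org`, the certificate paths and the document root are placeholders.

```nginx
# Added example: host names and file paths below are placeholders.

# Catch-all for port 80. Requests whose Host header matches none of the
# names hosted here are dropped rather than redirected, so the redirect
# below can never point at a host name chosen by the client.
server {
    listen 80 default_server;
    server_name _;
    server_tokens off;
    return 444;   # nginx-specific: close the connection without a response
}

# One redirect block for every name hosted on this server.
# Only requests for a name listed in server_name reach this block,
# so reusing $host in the target covers all of them with one rule.
server {
    listen 80;
    server_name example.com www.example.com sub.example.com example.org;
    server_tokens off;
    return 301 https://$host$request_uri;
}

# HTTPS block for one of the sites (one such block per site).
server {
    listen 443 ssl;
    server_name sub.example.com;
    server_tokens off;

    ssl_certificate     /etc/nginx/tls/sub.example.com.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/sub.example.com.key;   # placeholder

    # HSTS: after the first HTTPS response the browser stops sending
    # plain-HTTP requests to this host for max-age seconds, which
    # removes the unencrypted first hop the port-80 redirect relies on.
    add_header Strict-Transport-Security "max-age=31536000" always;

    root /var/www/sub.example.com/public;   # placeholder
}
```

Check the file with `nginx -t` before reloading. The application-side `APP_URL` change discussed in the comments is still needed, because the redirect only changes how requests arrive, not the URLs the application generates.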