
I have just set up Laravel Octane and it's working as expected, but all of the links are shown as http even though the site is served over HTTPS.

For example, when trying to log in, the user is warned by the web browser.

This is what Firefox says:

The information entered will be transmitted in clear (without encryption). They can therefore possibly be intercepted and read during their routing.

The nginx config is taken from Laravel's website, with an SSL certificate added.

My question is: how can I serve everything over HTTPS only?

Link to the config: this

My nginx config:

```nginx
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name  mysite.com;
    server_tokens off;
    root /var/www/site/public;

    index index.php;

    charset utf-8;

    location /index.php {
        try_files /not_exists @octane;
    }

    location / {
        try_files $uri $uri/ @octane;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/mysite.com-error.log error;

    #error_page 404 /index.php;

    location @octane {
        set $suffix "";

        if ($uri = /index.php) {
            set $suffix ?$query_string;
        }

        proxy_http_version 1.1;
        proxy_set_header Host $http_host;
        proxy_set_header Scheme $scheme;
        proxy_set_header SERVER_PORT $server_port;
        proxy_set_header REMOTE_ADDR $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_pass http://127.0.0.1:900$suffix;
    }

    listen [::]:443 ssl ipv6only=on http2; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mysite.com-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = mysite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;
    server_name _;
    return 444; # managed by Certbot
}
```
  • It seems like it's a code issue and not Nginx, so as a starting point, did you check the app_domain value within your .env file? Is it with https? – Mohamed Mo Kawsara Dec 25 '21 at 21:23
  • Yes, it's set to https – thor Dec 25 '21 at 21:24
  • In this case I would advise you to check out and use CloudFlare if you aren't, instead of CertBot obligate; it will handle redirecting to HTTPS for your site. Moreover, for your Laravel code you just need a middleware; check out this answer https://stackoverflow.com/a/28403907/2131039 – Mohamed Mo Kawsara Dec 25 '21 at 21:29
  • The HTTPS connection ends at nginx, and then Octane has its own web server as far as I know, so you need to ensure your [trusted proxy](https://laravel.com/docs/8.x/requests#configuring-trusted-proxies) middleware is enabled and configured correctly – apokryfos Dec 25 '21 at 22:33
  • Have you read the documentation? Specifically about the env variable `'https'`: https://laravel.com/docs/8.x/octane#serving-your-application-via-https – N69S Dec 26 '21 at 00:17
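
A way to confirm the symptom described in the question, and to re-check after changing the proxy or Octane settings the comments point to, as an added example that is not part of the original post: it scans the HTML of a page served over HTTPS for form actions, links and assets that point back at the same host over plain http. The function name and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> attribute that makes the browser send or load something.
URL_ATTRS = {"form": "action", "a": "href", "link": "href", "script": "src", "img": "src"}


class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (tag, attribute, raw value)

    def handle_starttag(self, tag, attrs):
        name = URL_ATTRS.get(tag)
        if name is None:
            return
        for key, value in attrs:
            if key == name and value:
                self.found.append((tag, name, value))


def insecure_same_host_urls(page_url, html):
    """Return (tag, attr, absolute_url) for same-host plain-http URLs on an HTTPS page."""
    page = urlsplit(page_url)
    if page.scheme != "https":
        raise ValueError("page_url must be the https:// address the user sees")
    collector = _Collector()
    collector.feed(html)
    hits = []
    for tag, attr, raw in collector.found:
        # Resolve relative and protocol-relative URLs the way the browser would.
        target = urlsplit(urljoin(page_url, raw))
        if target.scheme == "http" and target.hostname == page.hostname:
            hits.append((tag, attr, target.geturl()))
    return hits


# Constructed sample: a login page rendered by an app that believes it is on http.
SAMPLE_HTML = """
<link rel="stylesheet" href="http://mysite.com/css/app.css">
<form method="POST" action="http://mysite.com/login">
  <input type="password" name="password">
</form>
<a href="/register">Register</a>
<script src="//mysite.com/js/app.js"></script>
"""

if __name__ == "__main__":
    for tag, attr, url in insecure_same_host_urls("https://mysite.com/login", SAMPLE_HTML):
        print(f"<{tag} {attr}> -> {url}")
```

A `form` hit is the case that triggers the browser warning quoted in the question; an empty result after a configuration change means the application is generating same-host URLs with the scheme the visitor actually used.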
