🐘

laravel

6 notes  •  PHP & Web Dev
HomePHP & Web Dev › laravel

Force HTTPS Redirects in Laravel

Redirect all HTTP traffic to HTTPS in a Laravel application using .htaccess (Apache) or the AppServiceProvider.

Option 1 - .htaccess (Apache)

Add to public/.htaccess:

Options -MultiViews
RewriteEngine On

# Redirect HTTP to HTTPS
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]

# Remove trailing slashes
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Laravel front controller
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

Option 2 - AppServiceProvider

In app/Providers/AppServiceProvider.php:

use Illuminate\Support\Facades\URL;

public function boot()
{
    if (config('app.env') === 'production') {
        URL::forceScheme('https');
    }
}

Verify

curl -I http://example.com

Expect a 301 redirect to https://example.com.

Run Laravel from a Subdirectory

Serve a Laravel application from a subdirectory (e.g. /esmart) and fix redirect loops caused by incorrect .htaccess configuration.

Apache .htaccess Setup

Place this .htaccess in the project root (not in public/). Remove any existing .htaccess inside public/:

Options -MultiViews
RewriteEngine On
RewriteRule ^(.*)$ public/$1 [L]

Configure Base URL

In .env:

APP_URL=https://apps.example.com/esmart

Troubleshooting

  • Redirect loop: Remove the .htaccess inside public/.
  • 404 on assets: Verify APP_URL includes the subdirectory.

Allow Access to .well-known Folder in cPanel / Laravel

When Laravel routes all traffic through public/, the .well-known folder used for SSL validation becomes inaccessible. Whitelist it in .htaccess.

Fix - public_html/.htaccess

RewriteEngine On

# Allow SSL validation challenges through
RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/cpanel-dcv/[0-9a-zA-Z_-]+$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]+\.txt$

# Route everything else to Laravel public/
RewriteRule ^(.*)$ public/$1 [L]

Notes

  • The .htaccess inside public/ does not need changes.
  • After updating, re-run AutoSSL in cPanel or retry the Let's Encrypt challenge.

Fix Laravel Storage Link Not Loading Images After Symlink

After running php artisan storage:link, images stored in storage/app/public/ are accessible at /storage/ URLs. If images still do not load, the symlink or path is misconfigured.

How Storage Links Work

public/storage  -->  storage/app/public/

Upload images to storage/app/public/folder/image.jpg and reference them at /storage/folder/image.jpg.

Correct Blade Syntax

<img src="{{ asset('storage/folder/image.jpg') }}" alt="Image">

Verify the Symlink

ls -al /var/www/html/project/public | grep storage
ls -al /var/www/html/project/storage/app/public/

Troubleshooting

  • Symlink missing: Re-run php artisan storage:link.
  • Wrong path: Upload only to storage/app/public/.
  • Permissions: Run chmod -R 755 storage/.
  • Wrong URL: Check APP_URL in .env.

Common php artisan Commands Reference

Quick reference for frequently used php artisan commands.

Database

php artisan migrate
php artisan migrate:fresh --seed
php artisan db:seed

Cache and Config

php artisan cache:clear
php artisan config:clear
php artisan config:cache
php artisan route:clear
php artisan view:clear
php artisan view:cache

Storage

# Create symlink: public/storage -> storage/app/public
php artisan storage:link

Development

php artisan serve
php artisan list
php artisan make:controller MyController
php artisan make:model MyModel -m

Fix Laravel HTTPS Behind a Load Balancer

When Laravel runs behind a load balancer that terminates SSL, it may generate HTTP URLs. Fix this with the TrustProxies middleware.

Solution - TrustProxies Middleware

Edit app/Http/Middleware/TrustProxies.php:

use Illuminate\Http\Middleware\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    protected $proxies = '*';  // or specify LB IPs

    protected $headers =
        Request::HEADER_X_FORWARDED_FOR |
        Request::HEADER_X_FORWARDED_HOST |
        Request::HEADER_X_FORWARDED_PORT |
        Request::HEADER_X_FORWARDED_PROTO;
}

Alternative - Force HTTPS in AppServiceProvider

use Illuminate\Support\Facades\URL;

public function boot(): void
{
    if ($this->app->environment('production')) {
        URL::forceScheme('https');
    }
}

Verify

php artisan config:clear && php artisan cache:clear

Notes

  • Using '*' trusts all proxies - restrict to specific IPs in production.
  • The load balancer must pass X-Forwarded-Proto: https.