(Optional) After you configure your server using an SSL certificate, if your hosting provider does not provide a HTTPS redirect service, you will need to force the HTTPS protocol to use it for your website
To force the HTTPS protocol, please use only one of the following methods (from the server config file or from the app's PHP file)
You need to add the code below into the /public/.htaccess file
# Redirect all normal pages to https pages (http => https)
RewriteCond %{HTTPS} ^off$ [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]Of course, if you’re not using the Apache web server, then any changes you make to the .htaccess file is going to be irrelevant. Fortunately, it’s pretty easy to configure Nginx to force SSL, as demonstrated by this short configuration snippet:
server {
listen 443 ssl;
server_name domain.com;
return 301 https://domain.tld$request_uri;
}You need to uncomment the line 38 of the file /app/Http/Middleware/HttpsProtocol.php by editing it like this:
// Production is not currently secure
return redirect()->secure($request->getRequestUri());To force all your links to use the HTTPS protocol, you will need to activate the HTTPS support for your website by updating in the file /.env the variables below:
APP_URL=https://domain.tld
FORCE_HTTPS=trueMake sure using the right value for the website URL/domain, which can include or not www (https://domain.tld or https://www.domain.tld).