Question posted in
Some documentation to get you started can be found here.

How to force Heroku PHP app to use SSL certificate (https)? – Apache

I am trying to force my heroku web app to use the automatic certificate offered from heroku. I need to force all my links to use https. So I added lines:

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

To the htaccess file, but now I get the error "This page isn’t working, too many redirects". What do I put in my htaccess file to force https? Everyone online I’ve found uses this, but if I delete my other rules my website does not load.

<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
    Options -MultiViews -Indexes
</IfModule>

RewriteEngine On

RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]

# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Figured it out. In Laravel under AppServiceProvider.php, you can put this is the boot() function to force https on your laravel app.

    Hope this helps anyone!

    /**
 * Bootstrap any application services.
 *
 * @return void
 */
public function boot()
{
    if($this->app->environment('production')) {
        URL::forceScheme('https');
    }
}

  2. 0

    Everyone online I’ve found uses this

    Is that "everyone" using Heroku?

    I believe Heroku uses a reverse proxy to manage the SSL certificate, so you can’t use the Apache HTTPS server variable, since your application is actually communicating over plain HTTP to the proxy.

    Try the following instead:

    RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    The reverse proxy sets the X-Forwarded-Proto HTTP request header, informing the application of the type of request that the client made to the proxy.

    You will need to clear your browser cache before testing.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search