Home » Php » php – How to force Laravel Project to use HTTPS for all routes?

php – How to force Laravel Project to use HTTPS for all routes?

Posted by: admin April 23, 2020 Leave a comment


I am working on a project that requires a secure connection.

I can set the route, uri, asset to use ‘https’ via:

Route::get('order/details/{id}', ['uses' => '[email protected]', 'as' => 'order.details', 'https']);

url($language.'/index', [], true)

asset('css/bootstrap.min.css', true)

But setting the parameters all the time seems tiring.

Is there a way to force all routes to generate HTTPS links?

How to&Answers:

You can set 'url' => 'https://youDomain.com' in config/app.php or you could use a middleware class Laravel 5 – redirect to HTTPS.


Here are several ways. Choose most convenient.

  1. Configure your web server to redirect all non-secure requests to https. Example of a nginx config:

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.com www.example.com;
        return 301 https://example.com$request_uri;
  2. Set your environment variable APP_URL using https:

  3. Use helper secure_url() (Laravel5.6)

  4. Add following string to AppServiceProvider::boot() method (for version 5.4+):



  1. Implicitly setting scheme for route group (Laravel5.6):

    Route::group(['scheme' => 'https'], function () {
        // Route::get(...)->name(...);


Place this in the AppServiceProvider in the boot() method

if($this->app->environment('production')) {


Add this to your .htaccess code

RewriteEngine On 
RewriteCond %{SERVER_PORT} 80 
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]

Replace www.yourdomain.com with your domain name. This will force all the urls of your domain to use https. Make sure you have https certificate installed and configured on your domain. If you do not see https in green as secure, press f12 on chrome and fix all the mixed errors in the console tab.

Hope this helps!


I used this at the end of the web.php or api.php file and it worked perfectly:



Using the following code in your .htaccess file automatically redirects visitors to the HTTPS version of your site:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


public function boot()
  if(config('app.debug')!=true) {

in app/Providers/AppServiceProvider.php


add this hardcore 302 redirect to the end of public/.htaccess file,

RewriteEngine on  
RewriteCond %{SERVER_PORT} !=443
RewriteCond %{SERVER_PORT} 80 
RewriteCond %{HTTP_HOST} (.*)\.yoursite\.com$
RewriteCond %{HTTP_HOST} yoursite\.com$
RewriteCond %{HTTP_HOST} ^yoursite\.com [NC]
RewriteCond %{HTTP_HOST} ^(.*)\.yoursite\.com$

RewriteRule ^(.*) https://www.yoursite.com/%1/$1 [L,R=302]


I would prefer forceScheme instead of doing it on a web server. So Laravel app should be responsible for it.

So right way is to add if statement inside boot function in your app/Providers/AppServiceProvider.php

    if (env('APP_ENV') === 'production') {

Tip: to prove that you have APP_ENV configured correctly. Go to your Linux server, type env

This was tested on Laravel 5, specifically 5.6.


try this – it will work
in RouteServiceProvider file

    $url = \Request::url();
    $check = strstr($url,"http://");
       $newUrl = str_replace("http","https",$url);