Laravel:如何强制使用 HTTPS?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/44006146/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel: how to force HTTPS?
提问by realtebo
I'm starting to develop a new big app, and I'm using Laravel this time, and it's the first time.
我开始开发一个新的大应用,这次我用的是 Laravel,而且还是第一次。
I need to force HTTPS for all pages, it's not important if from code or by .htaccess, but I'm not able to find a simple tutorial.
我需要为所有页面强制使用 HTTPS,从代码还是通过 .htaccess 并不重要,但我找不到简单的教程。
The official docs dosn't speak about this problem.
官方文档没有谈到这个问题。
For info, my acutal .htaccess is
有关信息,我的 .htaccess 是
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ / [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
My question is specific to Laravel 5, because I ve no idea on where and how modify this .htaccess file. And also I'am asking you if this is the right way for Laravel or if Laravel has something specific to setup to handle HTTPs.
我的问题是针对 Laravel 5 的,因为我不知道在哪里以及如何修改这个 .htaccess 文件。而且我还问你这是否是 Laravel 的正确方法,或者 Laravel 是否有特定的设置来处理 HTTPs。
So please do not close my question and try to be more adherent to the Laravel specific topic.
所以请不要结束我的问题,并尝试更加关注 Laravel 的特定主题。
If you can post a simple way to modify this file AND/OR What to modify in Laravel config to properly handle https.
如果您可以发布一种简单的方法来修改此文件和/或在 Laravel 配置中修改什么以正确处理 https。
But in short yes, I want to force every call to transit on HTTPS.
但简而言之,是的,我想强制每个调用都在 HTTPS 上传输。
回答by Mortada Jafar
You need adding this to your .htaccessfile:
您需要将其添加到您的.htaccess文件中:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://YOURWEBSITEDOMAIN/ [R,L]
See this: http://www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
看到这个:http: //www.inmotionhosting.com/support/website/ssl/how-to-force-https-using-the-htaccess-file
回答by Webinion
Try adding this code in your .htaccess file.
尝试在您的 .htaccess 文件中添加此代码。
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
回答by Amitesh
When you want to Render all URLs with https. The simplest method is use below code in the boot()function of app/Providers/AppServiceProvider.php :
当您想使用 https 呈现所有 URL 时。最简单的方法是在app/Providers/AppServiceProvider.php的boot()函数中使用以下代码:
\URL::forceScheme('https');
\URL::forceScheme('https');
回答by Sandeesh
You could try searching here first. There's tons of questions for the same issue with answers.
你可以先在这里搜索一下。同一个问题有很多问题有答案。
https://stackoverflow.com/a/4399158/5892849
https://stackoverflow.com/a/4399158/5892849
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
回答by fcva
Change your domain in .htaccess by:
通过以下方式更改 .htaccess 中的域:
RewriteCond %{HTTP_HOST} mydomain.com [NC]
RewriteCond %{HTTP_HOST} mydomain.com [NC]
RewriteRule ^(.*)$ https://mydomain/$1 [R,L]
重写规则 ^(.*)$ https://mydomain/$1 [R,L]
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Added to Force HTTPS
RewriteCond %{HTTP_HOST} mydomain\.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://mydomain/ [R,L]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ / [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
回答by kelvin
This worked for me
这对我有用
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^(.*)$ public/ [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} !^public [L,R=301]
</IfModule>
回答by Manford Benjamin
Add this to the boot method in AppServiceProvider
将此添加到 AppServiceProvider 中的引导方法
if($this->app->environment('production'))
{
$this->app['request']->server->set('HTTPS','on');
}
回答by Cristovam Ruiz Jr
This worked for me:
这对我有用:
# Check if HTTPS is enabled
#RewriteCond %{HTTPS} ^on$ [NC]
#RewriteCond %{QUERY_STRING} !https-is-on [NC]
#RewriteRule (.*) /?https-is-on [R,L]
# Redirect all HTTP to HTTPS requests
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Remove index.php from the url
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) / [R=301,NE,L]
回答by Meror
This is my config, with other configs from the topic I had a cyclic redirect.
这是我的配置,与主题中的其他配置我有一个循环重定向。
(also redirects www to without www)
(也将 www 重定向到没有 www)
RewriteEngine On
RewriteBase /
#redirect from www to non-www(https)
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ https://%1/ [R=301,L]
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ / [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
回答by Jeybin George
Try changing the "APP_URL" in the .env file from
尝试将.env 文件中的“ APP_URL”从
APP_URL = http://example.com
to
到
APP_URL = https://example.com
