How to place HTTPS on my app in laravel 5 rather than .htaccess

Published on Author Code Father

Make it works with a Middleware class. Let me give you an idea.

namespace MyApp\Http\Middleware;

use Closure;

class HttpsProtocol {

    public function handle($request, Closure $next)
            if (!$request->secure() && env('APP_ENV') === 'prod') {
                return redirect()->secure($request->getRequestUri());}

            return $next($request);}} 

Then, apply this middleware to every request adding setting the rule at Kernel.php file, like so:

protected $middleware = [

    // appending custom middleware 

At sample above, the middleware will redirect every request to https if:

  1. The current request comes with no secure protocol (http)
  2. If your environment is equals to prod. So, just adjust the settings according to your preferences.


I am using this code in production environment with a WildCard SSL and the code works correctly. If I remove && env('APP_ENV') === 'prod' and test it in localhost, the redirection also works. So, having or not a installed SSL is not the problem. Looks like you need to keep a very hard attention to your Cloudflare layer in order to get redirected to Https protocol.

Edit 23/03/2015

Thanks to @Adam Link‘s suggestion: it is likely caused by the headers that Cloudflare is passing. CloudFlare likely hits your server via HTTP and passes a X-Forwarded-Proto header that declares it is forwarding a HTTPS request. You need add another line in your Middleware that say…

$request->setTrustedProxies( [ $request->getClientIp()]);   

…to trust the headers CloudFlare is sending. This will stop the redirect loop

Edit 27/09/2016 – Laravel v5.3

Just need to add the middleware class into web group in kernel.php file:

protected $middlewareGroups = [
    'web' => [

        // here


Remember that web group is applied to every route by default, so you do not need to set web explicitly in routes nor controllers.