Before enabling HTTP(s) make sure you have the certification installed in your server in the domain name.
To check if the certificate is working go to https://yourdomain.com. If it shows green secured then the certificate is installed and we’re ready to use it.
To force redirect every user to https follow the below steps:
- Inside the codebase, you will find .htaccess file, open the file.
- This file will have some codes like this:
RewriteEngine On RewriteRule ^(.*)$ public/$1 [L]
Keep a back up of existing code and change the content to:
RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] RewriteRule ^(.*)$ public/$1 [L]
- Open the .env file and change the APP_URL to include https.
- Refresh your browser and check. It should redirect to https by default.