The information you're about to store is not secure — how to fix it in Laravel, nginx or fastcgi and force https

Joshua Callis
Jan 11, 2021


This is intended to be quick and to the point, and it assumes prior knowledge of nginx, FastCGI and Laravel.

Laravel

1. Create a middleware
2. Force all redirects to be https.

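    namespace App\Http\Middleware;

    use Closure;
    use Symfony\Component\HttpFoundation\RedirectResponse;

    class ForceSSL
    {
        public function handle($request, Closure $next)
        {
            $response = $next($request);
            // Only redirect responses carry a target URL to rewrite.
            if ($response instanceof RedirectResponse) {
                $response->setTargetUrl(str_replace('http://', 'https://', $response->getTargetUrl()));
            }
            return $response;
        }
    }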

3. Within Kernel.php, add the middleware to all routes.

    protected $middleware = [
        // ....
        \App\Http\Middleware\ForceSSL::class,
    ];
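The `str_replace` call in the middleware rewrites every `http://` in the redirect target, including one carried inside a query string, and it is case-sensitive. The following is an added example, not code from the original post, that compares that behaviour with a rewrite anchored to the leading scheme; the function names and URLs are constructed for illustration.

```php
<?php
// Added example: helper names are hypothetical, URLs are constructed samples.

// Same rewrite as the middleware: replaces every "http://" in the string.
function rewriteAll(string $url): string
{
    return str_replace('http://', 'https://', $url);
}

// Scheme-only variant: upgrades the leading scheme (any letter case) and nothing else.
function rewriteScheme(string $url): string
{
    return preg_replace('#^http://#i', 'https://', $url, 1);
}

$targets = [
    'http://example.test/login',
    // A second URL carried as a query parameter.
    'http://example.test/out?next=http://legacy.example.test/page',
    // Upper-case scheme: missed by the case-sensitive str_replace.
    'HTTP://example.test/dashboard',
    'https://example.test/already-secure',
    '/relative/path',
];

foreach ($targets as $url) {
    printf(
        "%s\n  all:    %s\n  scheme: %s\n",
        $url,
        rewriteAll($url),
        rewriteScheme($url)
    );
}
```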

Nginx

Set the forwarded protocol and port to https and 443.

    location ~ \.php$ {
        # proxy_set_header takes the header name itself, without the CGI-style HTTP_ prefix.
        proxy_set_header X-Forwarded-Proto "https";
        proxy_set_header X-Forwarded-Port "443";
    }

Fastcgi

Set the forwarded protocol and port to https and 443.

    location ~ \.php$ {
        fastcgi_param HTTP_X-Forwarded-Proto "https";
        fastcgi_param HTTP_X-Forwarded-Port "443";
        include fastcgi_params;
    }
