I deployed a Laravel 9 app (with Jetstream/Livewire) to DigitalOcean using their "App" service from GitHub. Deployment was smooth and CI/CD works fine.
When viewing the application in the browser, I noticed that the assets (CSS and JS) are being served with a HTTP URL. None of the modern browsers like this (called "mixed content"). So I configured Vite (/vite.config.js
) to compile the assets using HTTPS. Now they work.
However, Laravel itself insists on using HTTP when building URL's within the Blade templates (url()
and route()
). For instance, on the login page, the login form action is http://mywebsite.com.
I have tried:
- Editing AppServiceProvider.php and adding
\Illuminate\Support\Facades\URL::forceScheme('https');
to theboot()
method - Setting proxies to
'*'
in TrustProxies middleware - Adding all of the CloudFlare IP's to the proxies property of TrustProxies middleware
- Setting
APP_URL
andASSET_URL
to https://mywebsite.com in .env - Clearing the caches after changing the settings by
php artisan optimize:clear
But none of this has helped and the forms (and other URL's) are generated under the HTTP scheme. I am guessing that the reverse proxy setup is confusing Laravel. What are the right Laravel settings to help it play nicely with DigitalOcean App service (which uses Heroku and CloudFlare? for deployment)?
Turns out,
forceScheme()
should be added as\URL::forceScheme('https');
and not as
\Illuminate\Support\Facades\URL::forceScheme('https');
Because it lives in the
Illuminate\Routing\UrlGenerator
class. Some answer in the internets has mislead me... Don't let is mislead you!