
SSL/TLS Configuration: Securing Your Laravel Application

Shane Barron

Laravel Developer & AI Integration Specialist

HTTPS Is Required

HTTPS isn't optional anymore. Browsers warn about insecure sites, search engines penalize them, and users expect encryption. Proper SSL/TLS configuration is essential.

Let's Encrypt with Certbot

# Install Certbot
apt install certbot python3-certbot-nginx

# Get certificate
certbot --nginx -d example.com -d www.example.com

# Test renewal without replacing certificates; the packaged certbot
# timer attempts the real renewal twice daily
certbot renew --dry-run

Nginx SSL Configuration

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Modern configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

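    # OCSP Stapling (nginx ignores these directives, with a warning, when
    # the certificate carries no OCSP responder URL)
    ssl_stapling on;
    ssl_stapling_verify on;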
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
}

Laravel HTTPS Configuration

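// Force HTTPS in production
// app/Providers/AppServiceProvider.php
namespace App\Providers;

use Illuminate\Support\Facades\URL;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // Generate https:// URLs for every link, asset and redirect
        if (app()->environment('production')) {
            URL::forceScheme('https');
        }
    }
}

# .env
APP_URL=https://example.com
# FORCE_HTTPS is not a built-in Laravel setting; it only has an effect
# if your own code reads it
FORCE_HTTPS=true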

Security Headers

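// Middleware for security headers
use Closure;

public function handle($request, Closure $next)
{
    $response = $next($request);

    // headers->set() exists on every response type; ->header() is
    // missing on file download and streamed responses
    $response->headers->set('X-Content-Type-Options', 'nosniff');
    $response->headers->set('X-Frame-Options', 'DENY');
    // Legacy header: ignored by current Chrome, Edge and Firefox
    $response->headers->set('X-XSS-Protection', '1; mode=block');
    $response->headers->set('Referrer-Policy', 'strict-origin-when-cross-origin');

    return $response;
}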

Testing SSL Configuration

Use SSL Labs (ssllabs.com/ssltest) to verify your configuration. Aim for an A+ rating.
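
The headers configured above can also be checked locally from a saved header dump, for instance the output of `curl -sI https://example.com`. The following Python script is an added example, not code from the original article; its function names and the sample response are constructed for illustration, and the expected values are the ones set in the nginx and middleware snippets above.

```python
import re

# Values from the article's snippets (X-XSS-Protection omitted: browsers ignore it).
EXPECTED = {"x-content-type-options": "nosniff", "x-frame-options": "deny",
            "referrer-policy": "strict-origin-when-cross-origin"}
MIN_HSTS_AGE = 31536000  # one year, the article's max-age
# Constructed sample: HSTS emitted twice (nginx and the app), wrong frame policy.
SAMPLE = """HTTP/2 200
strict-transport-security: max-age=31536000; includeSubDomains
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
"""


def parse_headers(raw):
    """Map lowercased header names to their values, in order of appearance."""
    headers = {}
    for line in raw.splitlines()[1:]:  # first line is the status line
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit(raw):
    """Return a list of findings; an empty list means every check passed."""
    headers, findings = parse_headers(raw), []
    hsts = headers.get("strict-transport-security", [])
    if len(hsts) != 1:
        findings.append(f"strict-transport-security: sent {len(hsts)} times")
    policy = hsts[0].lower() if hsts else ""  # RFC 6797 8.1: first header wins
    age = re.search(r'max-age\s*=\s*"?(\d+)', policy)
    if hsts and (not age or int(age.group(1)) < MIN_HSTS_AGE):
        findings.append("strict-transport-security: max-age below one year")
    if hsts and "includesubdomains" not in policy:
        findings.append("strict-transport-security: includeSubDomains absent")
    for name, want in EXPECTED.items():
        got = [v.lower() for v in headers.get(name, [])]
        if got != [want]:
            findings.append(f"{name}: expected {want}, got {got}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A duplicated HSTS header usually means both nginx and the application are setting it; keep it in one place so the policy the browser processes is the one you intended.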

Conclusion

Proper SSL/TLS configuration protects users and improves SEO. Use Let's Encrypt for free certificates, configure modern protocols, and add security headers.
