Supporting SSL Termination in Laravel

by Dave Blakey on Snapt Aria • September 23, 2018 Supporting SSL Termination in Laravel

Like many of our clients, we use the Laravel framework extensively at Snapt. Laravel 5.5 includes support for SSL termination (e.g. the Snapt Aria Web Accelerator) in the base package, making it easier than ever to support SSL offloading.

SSL termination and headers background

SSL termination is about ending the SSL communication at the load balancer, and then sending plain text to your webservers. The problem is that your webservers need to know when pages have been viewed using SSL, e.g. on login pages.

For example, you may have a check in your $_SERVER array built into your app; and that then causes a redirect loop.

These are the two main headers you will typically find SSL acceleration/termination systems using (e.g. Snapt).

  • X-Forwarded-For – the source IP address that the request came from. Useful because all your requests will come from the load balancers IP without this.
  • X-Forwarded-Proto – the standard header for identifying the protocol, e.g. HTTPS.

So instead of a piece of code like this:

if (empty($_SERVER['HTTPS'])) {

You can (in a simple example) do the following:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] != 'https') {

Support in Laravel

Many applications and frameworks have native support for this today. You need to configure what your trusted proxies are (e.g. the IP of your Snapt device) in order to support this.

Publish the config file with:

php artisan vendor:publish --provider="Fideloper\Proxy\TrustedProxyServiceProvider"

Then edit the config file, and fill the IP's in for proxies[]


return [

   * Set trusted proxy IP addresses.
   * [..]
   'proxies' => [

   * Default Header Names
   * [..]
   'headers' => [
     (defined('Illuminate\Http\Request::HEADER_FORWARDED') ?
Illuminate\Http\Request::HEADER_FORWARDED : 'forwarded') => 'FORWARDED',
     Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
     Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
     Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
     Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',

Please check our knowledge base for more background on using X-Forwarded-For headers to get Source IPs.

Try Snapt on Laravel
Snapt Aria is a full Layer 7 software load balancer, web accelerator, WAF and global DNS load balancer. Blazing fast throughputs, high SSL TPS and Snapt runs on any cloud, VM or bare metal.

Try Aria Free