Snapt Nova

Nova is a centrally managed, container-based ADC platform providing Layer 7 load balancing, GSLB, WAF and web acceleration. Nova is cloud-native, hyperscale and intelligent.

Snapt Aria

Software load balancing, web acceleration, WAF and global DNS load balancer. Blazing fast throughputs, high SSL TPS and runs on any cloud, VM or bare metal.

Need help choosing?

Compare Snapt Nova and Snapt Aria. You can even try them both for free.

Got time for a good read?

Menu
Book A Demo
Try It Free

Supporting SSL Termination in Laravel

Dave Blakey
September 23, 2018 at 9:00 AM

Like many of our clients, we use the Laravel framework extensively at Snapt. Laravel 5.5 includes support for SSL termination (e.g. the Snapt Aria Web Accelerator) in the base package, making it easier than ever to support SSL offloading.

SSL termination and headers background

SSL termination is about ending the SSL communication at the load balancer, and then sending plain text to your webservers. The problem is that your webservers need to know when pages have been viewed using SSL, e.g. on login pages.

For example, you may have a check in your $_SERVER array built into your app; and that then causes a redirect loop.

These are the two main headers you will typically find SSL acceleration/termination systems using (e.g. Snapt).

  • X-Forwarded-For – the source IP address that the request came from. Useful because all your requests will come from the load balancers IP without this.
  • X-Forwarded-Proto – the standard header for identifying the protocol, e.g. HTTPS.

So instead of a piece of code like this:

if (empty($_SERVER['HTTPS'])) {
    Header("Location: https://www.mysite.com");
    exit;
}

You can (in a simple example) do the following:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] != 'https') {
    Header("Location: https://www.mysite.com");
    exit;
}

Support in Laravel

Many applications and frameworks have native support for this today. You need to configure what your trusted proxies are (e.g. the IP of your Snapt device) in order to support this.

Publish the config file with:

php artisan vendor:publish --provider="Fideloper\Proxy\TrustedProxyServiceProvider"

Then edit the config file, and fill the IP's in for proxies[]

<?php

return [

  /*
   * Set trusted proxy IP addresses.
   *
   * [..]
   */
   'proxies' => [
     '192.168.1.10',
   ],


  /*
   * Default Header Names
   *
   * [..]
   */
   'headers' => [
     (defined('Illuminate\Http\Request::HEADER_FORWARDED') ?
Illuminate\Http\Request::HEADER_FORWARDED : 'forwarded') => 'FORWARDED',
     Illuminate\Http\Request::HEADER_CLIENT_IP => 'X_FORWARDED_FOR',
     Illuminate\Http\Request::HEADER_CLIENT_HOST => 'X_FORWARDED_HOST',
     Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
     Illuminate\Http\Request::HEADER_CLIENT_PORT => 'X_FORWARDED_PORT',
  ]
];

Please check our knowledge base for more background on using X-Forwarded-For headers to get Source IPs.

Try Snapt on Laravel
Snapt Aria is a full Layer 7 software load balancer, web accelerator, WAF and global DNS load balancer. Blazing fast throughputs, high SSL TPS and Snapt runs on any cloud, VM or bare metal.

Try Aria Free  

You May Also Like

These Stories on Snapt Aria

Subscribe by Email