Laravel with SSL through Cloudflare on Heroku.

By | June 12, 2017

 

I deployed a Laravel app on Heroku, using Cloudflare for SSL. As a quick note, here’s how I did it.

  1. Deploy the app on Heroku and make sure everything works fine using the heroku app url.
  2. Add the domain names to your app in Heroku (in the settings tab for the app). Make sure you add both the root domain and www if you’re using it (example.com, www.example.com). Don’t activate SSL in Heroku.
  3. Add the site to your Cloudflare account (choose the free plan, when asked).
  4. Point your domain to Cloudflare by changing the name servers  (at the registrars control panel) to the ones Cloudflare gives you when adding the site.
  5. Wait for the name server changes to go through. It will be notified under the Overview tab on Cloudflare. When this is done you will administer the domain records on Cloudflare instead of your domain regristrar.
  6. Remove all the DNS records you don’t need, under the DNS tab in Cloudflare.  For the next step to work you need to remove the A records for the root domain – since you won’t point it to an IP address, but a domain on Heroku.
  7. Point Cloudflare to your Heroku app by adding cname records pointing to the Heroku app url.
    Like this.

    Type: CNAME
    Name: jymden.com
    Domain name: myapp.herokuapp.com

    Type: CNAME
    Name: www
    Domain name: myapp.herokuapp.com

  8. In Cloudflare, go to the Crypto tab. Set SSL to Full:
  9. Make sure your Universal SSL certificate is activated. This will happen automatically a little while after adding the site to Cloudflare (up to 24 hours, but usually faster).  When it’s activated you’ll see it a bit down in the Crypto tab, like this:
  10. Prepare your Laravel app to use https by adding this to the boot function AppServiceProvider.php (App/Providers):
    public function boot(UrlGenerator $url)
    {
        if (env('APP_ENV') !== 'local') {
            $url->forceSchema('https');
        }
    }
    

    NOTE: if you’re using Laravel 5.4 or higher it’s forceScheme instead of forceSchema

    Also, you need to set your Laravel environment variable APP_ENV to production (or at least something else than local). Do this in the Heroku app settings tab.

  11. Now try to enter your site with https. It might take a while for it to kick in.
  12. When you see that https is working correctly, go in to the Page Rules tab in Cloudflare. Click Create Page Rule and add the rule to always use https for the domain. Use wildcards to cover all urls. Like this:
  13. Drink coffee.

Leave a Reply

Your email address will not be published. Required fields are marked *