How to enable HTTPS in Laravel Homestead

Valerio Barbera
How to configure HTTPS in Laravel Homestead

Hi, I’m Valerio Barbera, software engineer, founder and CTO at Inspector.

In this article I’ll show you how to enable HTTPS for your local applications served by Homestead, the official development environment for Laravel developers.

I met the need to enable HTTPS because I am working to implement browser notifications for Inspector using Pusher/Beams. But Beams requires that the application be necessarily served over HTTPS. It is required also in the local development environment. 

Laravel Homestead comes to the rescue.

I adopted Laravel Homestead as my local development environment for three years. It radically changed my development experience creating a faithful replica of the production environment separated for each project.

If you are looking for a step by step guide to use Laravel Homestead to supercharge your development experience take a look at this article I wrote for Homestead beginners: 

https://inspector.dev/how-and-why-to-use-laravel-homestead-for-local-development-real-life-tips/

What is an SSL certificate?

An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.

In short: SSL keeps internet connections secure and prevents criminals from reading or modifying information transferred between client and server. That’s why it is a mandatory requirement to work with many web technologies.

Since its inception about 25 years ago, there have been several versions of SSL protocol, all of which at some point ran into security troubles. A revamped and renamed version followed — TLS (Transport Layer Security), which is still in use today.

However, the initials SSL stuck, so the new version of the protocol is still usually called by the old name.

Trust Laravel Homestead SSL Certificates

By default, Laravel Homestead generates a security certificate for all sites you register.

If you attempt to access your application using https://… instead of http://…, the browser and the web server (Homestead) establish an SSL connection using a process called “SSL Handshake”.

Since the Homestead certificates are generated locally, not released from a public Certificates Authority, the browser will warn you every time you visit the local site.

To get your browser to trust Homestead’s self-signed certificates, you have some options:

  • Click through the privacy warning every time you visit a local site;
  • Add each generated certificate one by one (not sure this will persist through reprovisioning);
  • Import Homestead’s root CA to your browser’s trusted authorities.

The last one is by far the most long-term solution, so I’ll show you how to do this below.

Add Homestead’s Certification Authority to Trusted Certificates in your browser

These instructions are specific to Chrome, but adding a certificate to other browsers should just be a quick Google search away.

The gist is to grab the root CA file from the Homestead Vagrant box, and copy it in your project directory. The project directory is accessible from your host machine. So you will be able to import it into Chrome.

  • First, ssh into your running Vagrant machine (vagrant ssh);
  • Navigate to /etc/ssl/certs (in Homestead versions < 11, you want to go to /etc/nginx/ssl);
  • Copy ca.homestead.homestead.pem from this directory into the project’s directory (usually /home/vagrant/code), so the command should be cp ca.homestead.homestead.pem /home/vagrant/code (in Homestead versions < 11, this file is ca.homestead.homestead.crt);
  • Open Chrome’s settings (via the menus or just visit chrome://settings in the navigation bar);
  • Go to “Manage certificates / Manage HTTPS/SSL certificates and settings”. This will open a new window (set “all files”);
  • Start the Import process, and browse for that file we just copied over;
  • When selecting the certificate store on the next screen or so, use “Place all certificates in the following store“. Browse, and select “Trusted Root Certification Authorities
  • Finish, and restart Chrome (chrome://restart in the navigation bar)

That’s it! You should be able to visit your various local sites using https without issues.

To avoid bringing the certificate file to your repository you can add the filename to your .gitignore.

For any other browser (or your OS itself), you should be able to find instructions specific to your browser for actually importing the certificate we copied in step 3.

Conclusion

Homestead is a really good tool to work with. It lets you focus on the code and not the server, and allows you to perfectly replicate the production environment.

Thank you so much for reading it, share this article with your network if you think it can be helpful for other developers too.

Laravel application monitoring

If you found this post interesting and want to drastically change your developers’ life for the better, you can give Inspector a try.

Inspector is an easy to use Code Execution Monitoring tool that helps developers to identify bugs and bottlenecks in their application automatically. Before customers do.

It is completely code-driven. You won’t have to install anything at the server level or make complex configurations in your cloud infrastructure.

It works with a lightweight software library that you can install in your application like any other dependency. You can try the Laravel package, it’s free.

Create an account, or visit our website for more information: https://inspector.dev/laravel

Related Posts

Python Flask vs Django

Python offers several frameworks to streamline the development process. In this article we compare Flask vs Django, two of the most known frameworks for web development. As anticipated in previous articles we are building our Machine Learning API in Python. The choice of the framework to use was an important step to guarantee the best

Custom Laravel Eloquent Collections – Fast tips

Eloquent is one of the most powerful components of the Laravel framework. It is an Object-Relational Mapping (ORM) tool that simplifies database interactions. Laravel Eloquent provides a convenient way to work with database records through its built-in collections. While Laravel comes with a variety of pre-defined collection methods, you can also create your own custom

What is a SIEM, and how is it used in Cyber Security?

After five years working in the minitoring industry I learned a lot about the impact monitoring platforms has in the Cyber Security posture of software development companies. In today’s interconnected world, the need for robust cybersecurity measures has become more critical than ever before. One essential component of a comprehensive cybersecurity strategy is Security Information