How to enable HTTPS in Laravel Homestead

Valerio Barbera
How to configure HTTPS in Laravel Homestead

Hi, I’m Valerio Barbera, software engineer, founder and CTO at Inspector.

In this article I’ll show you how to enable HTTPS for your local applications served by Homestead, the official development environment for Laravel developers.

I met the need to enable HTTPS because I am working to implement browser notifications for Inspector using Pusher/Beams. But Beams requires that the application be necessarily served over HTTPS. It is required also in the local development environment. 

Laravel Homestead comes to the rescue.

I adopted Laravel Homestead as my local development environment for three years. It radically changed my development experience creating a faithful replica of the production environment separated for each project.

If you are looking for a step by step guide to use Laravel Homestead to supercharge your development experience take a look at this article I wrote for Homestead beginners: 

https://inspector.dev/how-and-why-to-use-laravel-homestead-for-local-development-real-life-tips/

What is an SSL certificate?

An SSL certificate is a digital certificate that authenticates a website’s identity and enables an encrypted connection. SSL stands for Secure Sockets Layer, a security protocol that creates an encrypted link between a web server and a web browser.

In short: SSL keeps internet connections secure and prevents criminals from reading or modifying information transferred between client and server. That’s why it is a mandatory requirement to work with many web technologies.

Since its inception about 25 years ago, there have been several versions of SSL protocol, all of which at some point ran into security troubles. A revamped and renamed version followed — TLS (Transport Layer Security), which is still in use today.

However, the initials SSL stuck, so the new version of the protocol is still usually called by the old name.

Trust Laravel Homestead SSL Certificates

By default, Laravel Homestead generates a security certificate for all sites you register.

If you attempt to access your application using https://… instead of http://…, the browser and the web server (Homestead) establish an SSL connection using a process called “SSL Handshake”.

Since the Homestead certificates are generated locally, not released from a public Certificates Authority, the browser will warn you every time you visit the local site.

To get your browser to trust Homestead’s self-signed certificates, you have some options:

  • Click through the privacy warning every time you visit a local site;
  • Add each generated certificate one by one (not sure this will persist through reprovisioning);
  • Import Homestead’s root CA to your browser’s trusted authorities.

The last one is by far the most long-term solution, so I’ll show you how to do this below.

Add Homestead’s Certification Authority to Trusted Certificates in your browser

These instructions are specific to Chrome, but adding a certificate to other browsers should just be a quick Google search away.

The gist is to grab the root CA file from the Homestead Vagrant box, and copy it in your project directory. The project directory is accessible from your host machine. So you will be able to import it into Chrome.

  • First, ssh into your running Vagrant machine (vagrant ssh);
  • Navigate to /etc/ssl/certs (in Homestead versions < 11, you want to go to /etc/nginx/ssl);
  • Copy ca.homestead.homestead.pem from this directory into the project’s directory (usually /home/vagrant/code), so the command should be cp ca.homestead.homestead.pem /home/vagrant/code (in Homestead versions < 11, this file is ca.homestead.homestead.crt);
  • Open Chrome’s settings (via the menus or just visit chrome://settings in the navigation bar);
  • Go to “Manage certificates / Manage HTTPS/SSL certificates and settings”. This will open a new window (set “all files”);
  • Start the Import process, and browse for that file we just copied over;
  • When selecting the certificate store on the next screen or so, use “Place all certificates in the following store“. Browse, and select “Trusted Root Certification Authorities
  • Finish, and restart Chrome (chrome://restart in the navigation bar)

That’s it! You should be able to visit your various local sites using https without issues.

To avoid bringing the certificate file to your repository you can add the filename to your .gitignore.

For any other browser (or your OS itself), you should be able to find instructions specific to your browser for actually importing the certificate we copied in step 3.

Conclusion

Homestead is a really good tool to work with. It lets you focus on the code and not the server, and allows you to perfectly replicate the production environment.

Thank you so much for reading it, share this article with your network if you think it can be helpful for other developers too.

Laravel application monitoring

If you found this post interesting and want to drastically change your developers’ life for the better, you can give Inspector a try.

Inspector is an easy to use Code Execution Monitoring tool that helps developers to identify bugs and bottlenecks in their application automatically. Before customers do.

It is completely code-driven. You won’t have to install anything at the server level or make complex configurations in your cloud infrastructure.

It works with a lightweight software library that you can install in your application like any other dependency. You can try the Laravel package, it’s free.

Create an account, or visit our website for more information: https://inspector.dev/laravel

Related Posts

cloud costs savings with code execution monitoring

How to save thousands of dollars in cloud costs with Code Execution Monitoring

Hi, I’m Valerio, software engineer, co-founder and CTO at Inspector. In this article I want to show you a monitoring strategy to help you save thousands of dollars a year on cloud costs. The typical scenario where you can get the most payback from this strategy is when your application runs on multiple servers. If

The 5 Best Application Monitoring Tools for 2022

When it comes to application monitoring software, there are some great tools available to make our lives easier. We’ve compiled a list of the very best. No offense intended but the truth is customers are no longer interested in what you have to do to make your product work when they need it. They only

What Are Source Maps and How to Properly Use Them

You are debugging a web app for a client but the minified version of the Javascript and CSS code makes it impossible to understand what statements the browser is actually executing. You could break down the original code line by line in your editor putting some “console.log()” statements here and there, or try debugging it

Join the "Scalable Applications" community

Learn from other developers' experience.
Join the international community of developers to build scalable applications.

Inspector customer feedback
2020 © Inspector S.R.L. - VAT: 09552901218 - Progetto agevolato con la misura Resto al SUD RSUD0000000 - CUP C61B21012300008

How to build scalable applications

Get the e-book about the Inspector scalability journey.