I installed certbot certificates on my Laravel 5.7 app, and now have:
certbot certificates
# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: www.votes.nilov-sergey-demo-apps.tk
Domains: www.votes.nilov-sergey-demo-apps.tk
Expiry Date: 2019-03-23 12:31:35+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/www.votes.nilov-sergey-demo-apps.tk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.votes.nilov-sergey-demo-apps.tk/privkey.pem
Certificate Name: votes.nilov-sergey-demo-apps.tk
Domains: votes.nilov-sergey-demo-apps.tk www.votes.nilov-sergey-demo-apps.tk
Expiry Date: 2019-03-23 12:26:54+00:00 (VALID: 86 days)
Certificate Path: /etc/letsencrypt/live/votes.nilov-sergey-demo-apps.tk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/votes.nilov-sergey-demo-apps.tk/privkey.pem
I used the command
sudo certbot --apache -d votes.nilov-sergey-demo-apps.tk -d www.votes.nilov-sergey-demo-apps.tk
for this
In my .env file I modified the row:
APP_URL=https://www.votes.nilov-sergey-demo-apps.tk
and in the file public/.htaccess I added lines for https support. I hoped that with these changes any non-https request would be redirected to https://www.url
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# I ADDED THESE 2 LINES !
RewriteCond %{HTTPS} !=on
RewriteRule ^.*$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
I made some checks and it seems it does not always work as I expected. Opening a backend page, say
https://www.votes.nilov-sergey-demo-apps.tk/admin/vote/edit/19
if I manually remove https://www. from the URL, the page is redirected to https://www.votes.nilov-sergey-demo-apps.tk/admin/vote/edit/19
But if I manually remove www. from the URL, I get the error:
Your connection is not private
Attackers might be trying to steal your information from votes.nilov-sergey-demo-apps.tk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID
I am not sure whether it is safe. Which steps do I have to take to be sure that my site is always on a safe https URL?
Thanks!
via Chebli Mohamed
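An added example, not part of the original post: a Python check that parses the name lines of the certbot certificates output quoted above, reports which hostnames each certificate lineage does not cover, and shows the host that the added RewriteRule produces for a plain-HTTP request. It assumes a vhost serves exactly one lineage; the function names are illustrative and the wildcard handling goes beyond the names in the post.

```python
# Added example: which certbot lineage covers which hostname.
# CERTBOT_OUTPUT holds the name lines of the `certbot certificates` output in the post.
CERTBOT_OUTPUT = """\
Certificate Name: www.votes.nilov-sergey-demo-apps.tk
Domains: www.votes.nilov-sergey-demo-apps.tk
Certificate Name: votes.nilov-sergey-demo-apps.tk
Domains: votes.nilov-sergey-demo-apps.tk www.votes.nilov-sergey-demo-apps.tk
"""
BARE = "votes.nilov-sergey-demo-apps.tk"
WWW = "www." + BARE

def parse_lineages(text):
    """Return {certificate name: set of DNS names} from `certbot certificates` output."""
    lineages, current = {}, None
    for line in text.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "Certificate Name":
            current = value.strip()
            lineages[current] = set()
        elif key == "Domains" and current is not None:
            lineages[current].update(value.split())
    return lineages

def name_matches(pattern, host):
    """Compare one certificate name with a host; '*.' covers exactly one label."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def uncovered(lineages, lineage, served_hosts):
    """Hosts a vhost serves that its certificate (lineage) is not valid for."""
    names = lineages[lineage]
    return [h for h in served_hosts if not any(name_matches(n, h) for n in names)]

def redirect_host(http_host):
    """Host produced by the added rule https://www.%{HTTP_HOST}%{REQUEST_URI}."""
    return "www." + http_host

if __name__ == "__main__":
    lineages = parse_lineages(CERTBOT_OUTPUT)
    for lineage in lineages:
        print(lineage, "does not cover:", uncovered(lineages, lineage, [BARE, WWW]))
    for host in (BARE, WWW):
        target = redirect_host(host)
        ok = [l for l in lineages if not uncovered(lineages, l, [target])]
        print("http://%s -> https://%s covered by %s" % (host, target, ok or "no lineage"))
```

A browser reports a name mismatch whenever the requested host is in the "does not cover" list of the lineage the HTTPS vhost actually serves, and that check happens during the TLS handshake, before any .htaccess rule runs.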