Like many of our clients, we the Laravel framework extensively at Snapt. In Laravel 5.5 they have included support for SSL termination (e.g. the Snapt Web Accelerator) in the base package, making it easier than ever to support SSL offloading.

SSL termination and headers background

SSL termination is about ending the SSL communication at the load balancer, and then sending plain text to your webservers. The problem is that your webservers need to know when pages have been viewed using SSL, e.g. on login pages.  

For example, you may have a check in your $_SERVER array built into your app; and that then causes a redirect loop.

These are the two main headers you will typically find SSL acceleration/termination systems using (e.g. Snapt).

  • X-Forwarded-Forthe source IP address that the request came from. Useful because all your requests will come from the load balancers IP without this.
  • X-Forwarded-Proto – the standard header for identifying the protocol, e.g. HTTPS.

So instead of a piece of code like this:

if (empty($_SERVER['HTTPS'])) {
	Header("Location: https://www.mysite.com");
	exit;
}

You can (in a simple example) do the following:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] != 'https') {
	Header("Location: https://www.mysite.com");
	exit;	
}

Support in Laravel

Many applications and frameworks have native support for this today. You need to configure what your trusted proxies are (e.g. the IP of your Snapt device) in order to support this.

Publish the config file with:

php artisan vendor:publish --provider="Fideloper\Proxy\TrustedProxyServiceProvider"

Then edit the config file, and fill the IP's in for proxies[]

<?php

return [

    /*
     * Set trusted proxy IP addresses.
     *
     * [..]
     */
    'proxies' => [
        '192.168.1.10',
    ],

    
    /*
     * Default Header Names
     *
     * [..]
     */
    'headers' => [
        (defined('Illuminate\Http\Request::HEADER_FORWARDED') ? Illuminate\Http\Request::HEADER_FORWARDED : 'forwarded') => 'FORWARDED',
        Illuminate\Http\Request::HEADER_CLIENT_IP    => 'X_FORWARDED_FOR',
        Illuminate\Http\Request::HEADER_CLIENT_HOST  => 'X_FORWARDED_HOST',
        Illuminate\Http\Request::HEADER_CLIENT_PROTO => 'X_FORWARDED_PROTO',
        Illuminate\Http\Request::HEADER_CLIENT_PORT  => 'X_FORWARDED_PORT',
    ]
];

Please check our knowledge base for more background on using X-Forwarded-For headers to get Source IPs.

Try Snapt on Laravel

Snapt is a full load balancing and web acceleration software solution. Try it for free, or learn more.