@Keoghan
Last active April 25, 2019 22:27

#Laravel Valet HTTPS

Prior to Valet 1.1 you could use HAProxy. After the introduction of the Caddy server in Valet 1.1 you can add a simple file instead. (Generating your own certificate is still recommended for now.)

Assuming we are using .dev domain.

#Valet 1.1+

Build a certificate (see next section)

Add a new file ~/.valet/Caddy/sslCaddyFile. Caddy will load this up from the main Caddyfile.

```
:443 {
    fastcgi / 127.0.0.1:9000 php {
        index server.php
    }

    rewrite {
        to /server.php?{query}
    }
    tls /Users/keoghan/haproxy/ssl/dev.pem /Users/keoghan/haproxy/ssl/dev.key
}
```

Then run `valet restart`.

#Build certificate for .dev

Change the directory to suit you.

```
mkdir -p ~/haproxy/ssl

# 2048-bit RSA key (1024-bit RSA is no longer considered secure)
openssl genrsa -out ~/haproxy/ssl/dev.key 2048

openssl req -new -key ~/haproxy/ssl/dev.key -out ~/haproxy/ssl/dev.csr
```

```
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:UK
State or Province Name (full name) [Some-State]:London
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:*.dev
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
```

```
openssl x509 -req -days 365 -in ~/haproxy/ssl/dev.csr -signkey ~/haproxy/ssl/dev.key -out ~/haproxy/ssl/dev.crt

cat ~/haproxy/ssl/dev.crt ~/haproxy/ssl/dev.key | tee ~/haproxy/ssl/dev.pem
```
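The certificate steps above as one non-interactive script that also checks the result, added here as an example and not part of the original gist. The function names, the 2048-bit minimum and the file-permission check are assumptions of this example; the subject fields and file names follow the gist.

```bash
#!/usr/bin/env bash
# Added example (not from the gist): build the self-signed *.dev certificate
# without prompts, then check the files before Caddy or HAProxy load them.

# make_dev_cert DIR [BITS]: writes dev.key, dev.crt and dev.pem into DIR.
make_dev_cert() {
    local dir=$1 bits=${2:-2048}
    mkdir -p "$dir" || return 1
    (
        umask 077   # the key and the combined bundle are secrets: owner-only
        openssl req -x509 -newkey "rsa:$bits" -nodes -days 365 \
            -subj "/C=UK/ST=London/CN=*.dev" \
            -keyout "$dir/dev.key" -out "$dir/dev.crt" 2>/dev/null &&
        cat "$dir/dev.crt" "$dir/dev.key" > "$dir/dev.pem"
    )
}

# rsa_bits KEYFILE: prints the RSA modulus size in bits (nothing on error).
rsa_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# check_dev_cert DIR: returns 0 only if the key has at least 2048 bits (the
# minimum assumed here), the certificate was made from that key, it has not
# expired, and neither file holding the key is readable by group or others.
check_dev_cert() {
    local dir=$1 bits f
    bits=$(rsa_bits "$dir/dev.key")
    [ "${bits:-0}" -ge 2048 ] || { echo "weak key: ${bits:-?} bits"; return 1; }
    [ "$(openssl x509 -in "$dir/dev.crt" -noout -modulus)" = \
      "$(openssl rsa -in "$dir/dev.key" -noout -modulus 2>/dev/null)" ] ||
        { echo "dev.crt does not match dev.key"; return 1; }
    openssl x509 -in "$dir/dev.crt" -noout -checkend 0 >/dev/null ||
        { echo "dev.crt has expired"; return 1; }
    for f in dev.key dev.pem; do
        [ "$(ls -l "$dir/$f" | cut -c5-10)" = "------" ] ||
            { echo "$f is readable by group or others"; return 1; }
    done
    echo "ok: $bits-bit key, certificate matches"
}

# Run as: ./dev-cert.sh ~/haproxy/ssl   (script name is hypothetical)
if [ $# -eq 1 ]; then make_dev_cert "$1" && check_dev_cert "$1"; fi
```

A key built with 1024 bits, or a `dev.key` left readable by other users, makes `check_dev_cert` return non-zero and print the reason.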

#Valet < 1.1

##Using HAproxy

```
brew install haproxy
```

Build the certificate as above

Make the config file ~/haproxy/haproxy.conf:

```
global
  maxconn 4096
  # HAProxy does not expand ~, so the pidfile needs an absolute path
  pidfile /Users/keoghan/tmp/haproxy-queue.pid

defaults
  log global
  log 127.0.0.1 local0
  log 127.0.0.1 local1 notice
  mode http
  timeout connect 300000
  timeout client 300000
  timeout server 300000
  maxconn 2000
  option redispatch
  retries 3
  option httpclose
  option httplog
  option forwardfor
  option httpchk HEAD / HTTP/1.0

# TLS is terminated here using the combined certificate + key bundle
frontend https-frontend
  bind *:443 ssl crt /Users/keoghan/haproxy/ssl/dev.pem
  mode http
  default_backend nodes

# Plain HTTP to Valet on port 80, with headers telling the app the request came in over HTTPS
backend nodes
  balance roundrobin
  mode http
  option forwardfor
  option httpchk HEAD / HTTP/1.1\r\nHost:localhost
  server web1 localhost:80
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
```

##Run it (needs sudo because 443 is a privileged port, below 1024):

```
sudo haproxy -f ~/haproxy/haproxy.conf
```

##enjoy your site at https://[blah].dev

Thanks to both laravel/valet and serverforhackers.com :)
