Symfony2: How to force HTTPS for the whole application?

Question

Symfony2: How to force HTTPS for the whole application?

Is it possible to force https for the entire application without defining it for all 100 routing / firewall rules?

We tried to force https at the web server level, but symfony2 still tries to redirect to http and creates some weird links (http: // [...]: 443).

I read the configuration documentation but found nothing for this. All entries in the cookbook are also intended only to be included in the route / security rule.

+7

https nginx symfony

eReiche Sep 16 '13 at 11:49

source share

4 answers

Alexey B. · Answer 1 · 2013-09-16T15:43:29+0000

How to force HTTPS or HTTP for different URLs

The Security component provides a way to force the use of HTTP addresses through requires_channel . This alternative method is better suited to provide the "area" of your website (all URLs under / admin) or when you want to protect the URLs defined in a third-party package.

 access_control: - path: ^/secure roles: ROLE_ADMIN requires_channel: https

eReiche · Answer 2 · 2013-09-17T07:17:21+0000

We seem to have configured our web server incorrectly. For reference, here is the current configuration:

  server { listen xxxx:80; server_name domain.tld; listen 80; location / { rewrite ^(.*) https://domain.tld$1 permanent; } } server { gzip on; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/rss+xml text/javascript image/x-icon; gzip_min_length 1000; gzip_comp_level 6; gzip_http_version 1.0; gzip_vary on; gzip_proxied expired no-cache no-store private auth; gzip_disable msie6; listen xxxx:443; ssl on; ssl_certificate /etc/nginx/wildcard_ssl/cert.pem; ssl_certificate_key /etc/nginx/wildcard_ssl/cert.key; server_name domain.tld; root /var/www/domain.tld/current/web/; access_log /var/log/nginx/domain.tld/access.log main; error_log /var/log/nginx/domain.tld/error.log; rewrite ^/app\.php/?(.*)$ /$1 permanent; location / { index app.php; try_files $uri @rewriteapp; } location @rewriteapp { rewrite ^(.*)$ /app.php/$1 last; } location @long_time { fastcgi_pass tldpass; fastcgi_split_path_info ^(.+\.php)(/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root/app.php; fastcgi_param HTTPS on; fastcgi_read_timeout 300; } location ~ ^/app\.php(/|$) { include fastcgi_params; fastcgi_pass tldpass; fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param HTTPS on; fastcgi_read_timeout 600s; access_log /var/log/nginx/domain.tld/php-only.log; } location ~* ^.+\.(jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|wav|bmp|rtf|htc)$ { expires 31d; add_header Cache-Control private; } }

Giray kefelioglu · Answer 3 · 2018-12-15T00:59:10+0000

on security.yaml

 access_control: - { path: ^/, requires_channel: https, host: ^www\.domain\.com$ }

karser · Answer 4 · 2019-07-29T15:08:01+0000

Make the whole application process only ssl requests using https://github.com/nelmio/NelmioSecurityBundle

 nelmio_security: forced_ssl: ~

By default, the router generates https URLs:

 parameters: router.request_context.scheme: 'https'

Symfony2: How to force HTTPS for the whole application?

More articles: