SSL in Laravel Homestead 2.0

Submitted by jhauraw - 8 years ago

Until Taylor makes it part of Homestead, here's one way to add SSL support for your dev sites. Plenty of room for improvement, so please add your ideas. For example, generating the ssl certs in the loop, instead of including them.

# 1. In Homestead.yaml

# Add a mapping for a scripts folder.
# You will need to create this dir under ~/.homestead
# on your local machine first and an /ssl sub-
# directory which contains your ssl .crt/.key files.
    - map: ~/.homestead/scripts
      to: /home/vagrant/homestead/scripts
# 2. Generate SSL .crt and .key files.

# You can generate dummy ssl .crt/.key files online
# or via the terminal. Name them each with the same
# host name as in the site_hosts array below.
# 3. In ~/.homestead/

# So the array below doesn't throw an error, change hash-bang to:
#!/usr/bin/env bash

# Populate this array with each of your dev site hostnames.
# This could be pulled from Homestead.yaml somehow.
sites_hosts=( host_name_of_site1 ) # array, e.g.,

# Save our Homestead.yaml mapped folder to a var.

# Config for SSL.
echo "--- Making SSL Directory ---"
mkdir /etc/nginx/ssl

for i in "${sites_hosts[@]}"
    echo "--- Copying $i SSL crt and key ---"
    cp $scripts_dir/ssl/$i.crt /etc/nginx/ssl/$i.crt
    cp $scripts_dir/ssl/$i.key /etc/nginx/ssl/$i.key

    echo "--- Turning SSL on in nginx.conf. ---"
    # Comment out this line if you prefer ssl on a per
    # server basis, rather for all sites on the vm.
    # If commented out you can access hosts on http
    # port 8000, and https port 44300. If uncommented,
    # you can ONLY access hosts via https on port 44300.
    sed -i "/sendfile on;/a \\        ssl on;" /etc/nginx/nginx.conf

    echo "--- Inserting SSL directives into site's server file. ---"
    sed -i "/listen 80;/a \\\n    listen 443 ssl;\n    ssl_certificate /etc/nginx/ssl/$i.crt;\n    ssl_certificate_key /etc/nginx/ssl/$i.key;\n\n" /etc/nginx/sites-available/$i


echo "--- Restarting Serivces ---"
service nginx restart
service php5-fpm restart

# 4. Now visit your host with ssl:
# https://site_host:44300

# or if you commented out the global ssl directive:
# http://site_host:8000

# 5. Bonus

# You can instead include individual scripts
# in for better organization, like this:

# Setup NGINX for SSL
. "$scripts_dir/"