HTTPS behind reverse proxy

[AlexClineBB]

We've deployed FirePhish with a load balancer in front of it. Due to the way Laravel generates asset URLs, requests to https://firephish.example.com would attempt to load assets from http://firephish.example.com. To fix this issue, I updated the app/Http/routes.php file to have the following at the top:

$proxy_url    = getenv('PROXY_URL');
$proxy_schema = getenv('PROXY_SCHEMA');

if (!empty($proxy_url)) {
   URL::forceRootUrl($proxy_url);
}

if (!empty($proxy_schema)) {
   URL::forceSchema($proxy_schema);
}

And added the following to the .env file:

PROXY_URL = http://firephish.example.com/
PROXY_SCHEMA = https

I'm not familiar enough with Laravel to submit a PR to patch this in a more permanent way, but I figured I'd document it for others who use this configuration.

[Raikia]

Interesting, I'll take a look into proper implementation of this.

To add to your changes, you may have some problems if you change other configurations via "Settings" --> "Configurations" since it will cache the .env file. Due to the way laravel works, I suggest you add the following to "/config/firephish.php":

'PROXY_URL' => env('PROXY_URL', null),
'PROXY_SCHEMA' => env('PROXY_SCHEMA', null)

Then run php artisan config:cache

Then instead of you using "getenv", use "config('firephish.PROXY_URL')" and "config('firephish.PROXY_SCHEMA')".

But as I said, I will add this as a proper implementation soon.

Note: FirePhish recently changed name to FiercePhish. This also means all references to firephish have been updated to fiercephish, so if you are using the latest version, look for fiercephish instead of firephish

[Raikia]

You can see I ran into the problem of using env() vs config() as well on commit e6c4579 :-)