My site is using a subdomain for invoice ninja http://invoice.mywebsite.com
The site is hosted with GoDaddy on a shared server.
I have a Cloudflare A record configured to point to my host IP which will serve the website over HTTPS
As soon as I turn on REQUIRE_HTTPS=true in .env - I am unable to access the site over HTTPS.
The APP_URL in .env is set to https://invoice.mywebsite.com
My site works absolutely fine over HTTP
Can anyone help?
Almost able to resolve my own issue
Changed Cloudflare SSL type from Full to Flexible
I get an error:
ERR_TOO_MANY_REDIRECTS
If I change TRUSTED_PROXIES in env to TRUSTED_PROXIES="*" it then works over HTTPS however not recommended
Can anyone advise how this can be secured?
If you know the IPs you could specify them rather than use *
Hi Hillel, I tried this but got the same issue
I’m not too familiar with Laravel - perhaps the syntax is incorrect?
TRUSTED_PROXIES=“103.21.244.0/22”,“103.22.200.0/22”,“103.31.4.0/22”,“104.16.0.0/12”,“108.162.192.0/18”,“131.0.72.0/22”,“141.101.64.0/18”,“162.158.0.0/15”,“172.64.0.0/13”,“173.245.48.0/20”,“188.114.96.0/20”,“190.93.240.0/20”,“197.234.240.0/22”,“198.41.128.0/17”
I think you have too many quotes, it should be “ip,ip,ip,…”
Tried that also but same issue
I will continue to work on a solution and post here when resolved
Did you figure this out? I’m using nginx (proxy_pass) for invoice ninja and I have only been able to get it work if I specify an (*) asterisk as TRUSTED_PROXIES.
I tried specifying a single IP address of nginx but that didn’t work. I also tried CIDR notation, also did not work.
Does anyone know that TRUSTED_PROXIES actually does?
TRUSTED_PROXIES accepts a comma delimited list of subnets
https://invoice-ninja.readthedocs.io/en/latest/configure.html#using-a-reverse-proxy
Yea. I tried exactly
TRUSTED_PROXIES=‘10.0.0.0/8,172.16.0.0/12,192.168.0.0/16’
which is basically *
…but they don’t work equally.
After I put the right IP address it worked. Lol. Not sure where I came up with the IP I tried originally. Brain fart.