our installation of invoice ninja is secured via ssl behind a reverse proxy. The certificate is good and tested, I added
SESSION_ENCRYPT=true
SESSION_SECURE=true
in .env file but it does not change anything.
where is the setting to make sure that every elements of the site is encrypted ?
To require SSL un-comment the rewrite rules at the end of public/.htaccess
this does not work for apache behind a nginx reverse proxy. I’ll see if we can rewrite it from nginx
Another option to try is to set APP_ENV to fortrabbit in the .env file.
This will enable the HTTPS check at the top of app/Http/Middleware/StartupCheck.php.
Note: this will be changed to a setting in the next release.