Laravel Deployment: Setup Nginx

Install Let’s Encrypt Certificate

# add-apt-repository ppa:certbot/certbot
# apt-get update
# apt-get install python-certbot-nginx

Obtain the certificate:

# certbot --nginx -d example.com -d www.example.com

Force redirect to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Edit nginx site configuration:

server {
	listen 80 ;
	listen [::]:80 ;

	root /path-to-laravel-app/public;

	# Add index.php to the list if you are using PHP
	server_name laravel.app.name; # managed by Certbot

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	location / {
        	try_files $uri $uri/ /index.php?$query_string;
	}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt  { access_log off; log_not_found off; }

	error_page 404 /index.php;

	location ~ \.php$ {
        	fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
	        fastcgi_index index.php;
        	fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
	        include fastcgi_params;
    	}

    	location ~ /\.(?!well-known).* {
        	deny all;
	}

	listen [::]:443 ssl ipv6only=on; # managed by Certbot
	listen 443 ssl; # managed by Certbot
	ssl_certificate /etc/letsencrypt/live/laravel.app.name/fullchain.pem; # managed by Certbot
	ssl_certificate_key /etc/letsencrypt/live/laravel.app.name/privkey.pem; # managed by Certbot
	include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
	ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}