id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
15733	Wordpress Installation behind reverse-proxy ssl redirect loop	costasd		"Hello,

In my job, we are evaluating wordpress for our main site, and we seem to have a little problem with our setup.

First of all, our setup:
We use a pretty common setup with reverse proxy(nginx) in front of our LAMP stack. Nginx serves static files(e.g. images) and proxy-passes all other requests to apache2. Nginx handles both http & https, speaking http to backend(apache2)

The problem:
In setups like that, some server variables, are not used. This is why you have to use mod-rpaf on apache to get the client ip.
One of those variables, is $_SERVER['HTTPS'].
So in a setup with reverse-proxy in front, you have to set a variable $_SERVER['HTTP_X_FORWARDED_PROTO'] with value 'https', to make backend realize that its 'real' url is an https one.

Wordpress checks only for the $_SERVER['HTTPS'] variable, and gets caught in an endless loop redirection from https to http to https and so on. The way we got over that, is to check for the $_SERVER['HTTP_X_FORWARDED_PROTO'] header in wp-include/functions.php:is_ssl() function.

I'm submitting also our 3-line patch, in case anyone has the same problem. Patch tested and works with nginx reverse-proxy.

I'm tagging it as a defect/bug, if you think it is not a bug, please re-tag it.

Thanks in advance,
Costas"	defect (bug)	closed	normal		General	3.0.2	minor	wontfix	ssl nginx apache reverse-proxy