Make WordPress Core

Opened 7 years ago

Closed 7 years ago

Last modified 3 years ago

#15733 closed defect (bug) (wontfix)

Wordpress Installation behind reverse-proxy ssl redirect loop

Reported by: costasd
Owned by:
Milestone:
Priority: normal
Severity: minor
Version: 3.0.2
Component: General
Keywords: ssl nginx apache reverse-proxy
Focuses:
Cc:



In my job, we are evaluating wordpress for our main site, and we seem to have a little problem with our setup.

First of all, our setup: We use a pretty common setup with a reverse proxy (nginx) in front of our LAMP stack. Nginx serves static files (e.g. images) and proxy-passes all other requests to apache2. Nginx handles both http & https, speaking http to the backend (apache2).

The problem: In setups like that, some server variables are not used. This is why you have to use mod-rpaf on apache to get the client IP. One of those variables is $_SERVER['HTTPS']. So in a setup with a reverse proxy in front, you have to set a variable $_SERVER['HTTP_X_FORWARDED_PROTO'] with value 'https' to make the backend realize that its 'real' URL is an https one.

WordPress checks only for the $_SERVER['HTTPS'] variable and gets caught in an endless redirection loop from https to http to https and so on. The way we got over that is to check for the $_SERVER['HTTP_X_FORWARDED_PROTO'] header in the wp-include/functions.php:is_ssl() function.

I'm submitting also our 3-line patch, in case anyone has the same problem. Patch tested and works with nginx reverse-proxy.

I'm tagging it as a defect/bug, if you think it is not a bug, please re-tag it.

Thanks in advance, Costas

Attachments (1)

ssl_behind_reverse_proxy.patch (450 bytes) - added by costasd 7 years ago.


Change History (12)

#1 @nacin
7 years ago

You should set $_SERVER['HTTPS'] to equal $_SERVER['HTTP_X_FORWARDED_PROTO'] in your wp-config.php file. This isn't an issue for core to solve.
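
A sketch of the wp-config.php approach suggested in comment #1, as an added example that is not part of the ticket or of WordPress core: it sets `$_SERVER['HTTPS']` only when the request arrives from the reverse proxy, because `X-Forwarded-Proto` is a header any client can send. The helper name `example_forwarded_https`, the proxy address `192.0.2.10` and the assumption that `REMOTE_ADDR` still holds the proxy's address are illustrative.

```php
<?php
// Added example for wp-config.php; place it above the line that loads wp-settings.php.
//
// ASSUMPTION: 192.0.2.10 is a placeholder for the address nginx connects from.
// ASSUMPTION: REMOTE_ADDR still contains the proxy's address at this point. If a
// module such as mod_rpaf rewrites it to the client address, this check cannot be
// used; restrict the backend so that only the proxy can reach it instead.

/**
 * Hypothetical helper: was the original client request made over HTTPS?
 *
 * @param array $server          Normally $_SERVER.
 * @param array $trusted_proxies Exact addresses allowed to assert the protocol.
 * @return bool
 */
function example_forwarded_https(array $server, array $trusted_proxies)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';

    // Ignore the header unless the direct peer is a known proxy; otherwise a
    // client talking to the backend directly could claim "https" itself.
    if (!in_array($peer, $trusted_proxies, true)) {
        return false;
    }

    $proto = isset($server['HTTP_X_FORWARDED_PROTO'])
        ? $server['HTTP_X_FORWARDED_PROTO']
        : '';

    // Accept only the exact value; anything else is treated as plain HTTP.
    return strtolower(trim($proto)) === 'https';
}

$example_trusted_proxies = array('192.0.2.10'); // placeholder address

if (example_forwarded_https($_SERVER, $example_trusted_proxies)) {
    // is_ssl() treats 'on' or '1' as HTTPS.
    $_SERVER['HTTPS'] = 'on';
}
```

On the nginx side, `proxy_set_header X-Forwarded-Proto $scheme;` in the proxied location overwrites whatever value the client sent.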

#2 @costasd
7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

Ah nice, thanks a lot :)

I am closing it

#3 @nacin
7 years ago

  • Milestone Awaiting Review deleted
  • Resolution fixed deleted
  • Status changed from closed to reopened

Cheers :)

#4 @nacin
7 years ago

  • Resolution set to wontfix
  • Status changed from reopened to closed

#5 @brettporter
6 years ago

I have added some documentation on this to http://codex.wordpress.org/Administration_Over_SSL

I hope you'll reconsider including this in the core function since I noticed several people having this problem while I was searching, and it was quite difficult to track down a solution. Adding the extra check would be more likely to behave correctly out of the box.

#6 @nacin
6 years ago

This has also been discussed elsewhere. See http://core.trac.wordpress.org/ticket/19337#comment:4. Thanks for adding a note to the Codex.

#7 @ziodave
5 years ago

#24394 was marked as a duplicate.

#8 @willnorris
5 years ago

#15277 was marked as a duplicate.

#9 @dd32
5 years ago

#25222 was marked as a duplicate.

#10 @SergeyBiryukov
3 years ago

#30828 was marked as a duplicate.

#11 @ocean90
3 years ago

#31288 was marked as a duplicate.
