WordPress.org

Support

Support » Plugins and Hacks » WordPress HTTPS (SSL) » [Resolved] [Plugin: WordPress HTTPS] Force SSL option on Apache behind Nginx = redirect loop

[Resolved] [Plugin: WordPress HTTPS] Force SSL option on Apache behind Nginx = redirect loop

  • Excellent plugin! I’ve used it on WP on Apache before with no problem. Now I’m sitting behing Nginx, and when I try ‘Force SSL’ I get an infinite 301 redirect loop. The page in question is here.

    If I uncheck the ‘Force SSL’ options and specify https:// in the address bar, the resource won’t redirect and the the ssl connection is honored (albeit without the internal URL rewriting but hey, does that help?)

    I looked at your code, daunting but I don’t have your insight. Can you point me in the write (I kill me!) direction?

    Thanks, Scott

    http://wordpress.org/extend/plugins/wordpress-https/

Viewing 5 replies - 1 through 5 (of 5 total)
  • I got it. It seems that 3 times out of 4, the redirect happens as a result of the is_ssl() function, which is located around line 270.

    I changed this line:
    if ( $this->shared_ssl == 1 && strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {

    To this:
    if (strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER'] ) !== false ) {

    It had to be done since my proxy web server wasn’t passing along the protocol to apache. Unfortunately I trashed the shared_ssl option in the process, so this may not work for you.

    Best Regards,
    Scott

    Plugin Author Mike Ems

    @mvied

    Hey Scott,

    Are you using the Shared SSL feature to proxy your site for HTTPS?

    I’ve seen quite a few cases where the proxy servers weren’t properly forwarding the correct information. I’ve tried to address this issue in my development version. The code I came to was this:

    function is_ssl() {
       if ( $this->shared_ssl == 1 && strpos($this->https_url, preg_replace('/:.+$/', '', $_SERVER['HTTP_HOST'])) !== false ) {
        return true;
       }
       return is_ssl();
    }

    I don’t actually have anywhere to test shared SSL functionality, hence why there haven’t been any updates to the plugin in a long time. It also doesn’t help that most issues that people are having only show up on some servers and not others.

    Anywho, try that code out and let me know it if works or not.

    Thanks,
    Mike

    Hi Mike,

    I too wanted to be clear in my post, and for the benefit of anyone reading, do _not_ copy my code verbatim! – I’m not using Shared SSL. And your headers may vary

    Try to work out what headers are coming from your proxy. Nginx was only sending the domain name without the scheme in the HTTP_HOST header, so that was out. I admit mine is more of a kludge.

    Excellent plugin all around… Thanks Mike!

    Plugin Author Mike Ems

    @mvied

    Hey Scott,

    I’m going to be pushing out version 1.9 soon. It will work for you without any modifications. Below is the conclusion I came to and it seems to work with Shared SSL as well as proxies. Thank you for your contribution. 🙂

    function is_ssl() {
    	// Some extra checks for proxies and Shared SSL
    	if ( !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
    		return true;
    	} else if ( $this->shared_ssl == 1 && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) {
    		return true;
    	}
    	return is_ssl();
    }
    Plugin Author Mike Ems

    @mvied

    Found a bug in the function. Correction:

    function is_ssl() {
    	// Some extra checks for proxies and Shared SSL
    	if ( $_SERVER['HTTP_X_FORWARDED_SERVER'] && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {
    		return true;
    	} else if ( $this->shared_ssl == 1 && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) {
    		return true;
    	}
    	return is_ssl();
    }
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘[Resolved] [Plugin: WordPress HTTPS] Force SSL option on Apache behind Nginx = redirect loop’ is closed to new replies.
Skip to toolbar