Support » Plugin: SSL Insecure Content Fixer » WP behind reverse proxy all content insecure

  • Resolved petehelgren

    (@petehelgren)


    Been attempting to get SSL working with SSL with no joy. I spent quite a bit of time researching code-related solutions and made multiple change to the Apache settings. I finally gave up. Then I came across your plugin and decided to give it a try. The test recommended that I use “unable to detect HTTPS” setting and I tried every content setting but still, no joy.

    WP is behind a reverse proxy which uses the ProxyPass directive to pass traffic for the website back to an Apache instance running at port 5080 like so:

    <VirtualHost *:443>
    
    ServerName www.ossgarden.org
    ServerAlias ossgarden.org *.ossgarden.org
    
    SSLEngine On
    -- some additional directives here --
    ProxyTimeout 300
    ProxyPreserveHost On
    ProxyPass / http://10.0.10.207:5580/
    ProxyPassReverse / http://10.0.10.207:5580/
    
    </VirtualHost>
    

    Accessing the site with http works fine. But if you try https, then most of the http delivered content is flagged as insecure. There are multiple websites running on this apache server. They all work fine with https except when WP is in use, then the mixed content issues arise. Not sure what is unique about WP that makes it so difficult to work with SSL but it is the only application I have an issue with.

    Any ideas on how to go about making it work?

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author webaware

    (@webaware)

    G’day Pete,

    You need to pass some information to the back end Apache so that WordPress can detect when it’s being accessed via https. Here’s the headers you need to send:

    RequestHeader set X-Forwarded-Proto "https"
    RequestHeader set X-Forwarded-Port "443"

    Then you can add this to your wp-config.php file to detect when the website is loaded on https:

    if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    	$_SERVER['HTTPS'] = 'on';
    }

    I recommend getting those two things set up, verifying that all works well including the admin login and changing settings in the admin. Once you’re sure it’s working, set the site and home URLs both to https and login again. You can then set about cleaning up your content as described in the doco:

    https://ssl.webaware.net.au/testing/cleaning-up-content/

    cheers,
    Ross

    • This reply was modified 4 weeks, 1 day ago by webaware.

    Sweet! Made the adjustments and bingo! It worked.

    Thanks for the tip.

    Pete

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.