[wp-trac] [WordPress Trac] #38273: HTTPS install is broken

WordPress Trac noreply at wordpress.org
Mon Oct 10 04:28:15 UTC 2016 

#38273: HTTPS install is broken
-------------------------------+------------------------------
 Reporter:  yohgaki            |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  Upgrade/Install    |     Version:  4.6.1
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+------------------------------

Comment (by dd32):

 > All HTTP traffic is redirected to HTTPS by nginx reverse proxy, backend
 web server is apache that only waits HTTP

 I missed this when reading the ticket.

 In short: you should consider configuring your nginx/apache configuration
 better. Apache (And therefor PHP & WordPress) has no idea that it's
 running in a SSL environment, which is the root cause of your bad
 experience.

 The standard method would be using `X-Real-IP` and `X-Forwarded-Proto` to
 pass the end-users IP and the SSL status through to Apache, when combined
 with the appropriate Apache configs would allow everything to work
 transparently.

 In longer form..
 WordPress is unable to detect that it's running on a SSL service, it see's
 HTTP requests, attempts to redirect to HTTPS requests and ends up in a
 loop.
 During install, WordPress attempts to determine it's own URL, and not
 seeing the HTTPS protocol, sets to a `http://` url.

 In the event your server is not configured to pass through the HTTPS
 status, then it's up to you to setup WordPress correctly.
 That involves either a) creating the `wp-config.php` file manually, and
 adding `$_SERVER['HTTPS']='on';` to it prior to install or b) Installing
 WordPress, and correcting the `siteurl` and `home` options in the database
 to `https://` (or using the constants in wp-config.php).

 In that case, WordPress has no idea that it's being installed on a HTTPS
 service until you add `$_SERVER['HTTPS']='on';` to your wp-config.php
 file, as a result, it's up to you to configure the service correctly (both
 at the nginx & apache layers) and/or set the URLs for WordPress correctly.

 I'm going to close this as a duplicate of #15733 and the many many many
 other tickets about SSL and bad server configs.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38273#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list