[wp-trac] [WordPress Trac] #15733: WordPress Installation behind reverse-proxy ssl redirect loop

WordPress Trac noreply at wordpress.org
Thu May 7 20:42:29 UTC 2020


#15733: WordPress Installation behind reverse-proxy ssl redirect loop
--------------------------------------------+----------------------
 Reporter:  costasd                         |       Owner:  (none)
     Type:  defect (bug)                    |      Status:  closed
 Priority:  normal                          |   Milestone:
Component:  General                         |     Version:  3.0.2
 Severity:  minor                           |  Resolution:  wontfix
 Keywords:  ssl nginx apache reverse-proxy  |     Focuses:
--------------------------------------------+----------------------
Description changed by SergeyBiryukov:

Old description:

> Hello,
>
> In my job, we are evaluating WordPress for our main site, and we seem to
> have a little problem with our setup.
>
> First of all, our setup:
> We use a pretty common setup with a reverse proxy (nginx) in front of our
> LAMP stack. Nginx serves static files (e.g. images) and proxy-passes all
> other requests to apache2. Nginx handles both http & https, speaking http
> to the backend (apache2).
>
> The problem:
> In setups like that, some server variables are not used. This is why you
> have to use mod-rpaf on apache to get the client ip.
> One of those variables is $_SERVER['HTTPS'].
> So in a setup with a reverse proxy in front, you have to set a variable
> $_SERVER['HTTP_X_FORWARDED_PROTO'] with value 'https', to make the backend
> realize that its 'real' url is an https one.
>
> WordPress checks only for the $_SERVER['HTTPS'] variable, and gets caught
> in an endless loop redirection from https to http to https and so on. The
> way we got over that is to check for the
> $_SERVER['HTTP_X_FORWARDED_PROTO'] header in the
> wp-include/functions.php:is_ssl() function.
>
> I'm submitting also our 3-line patch, in case anyone has the same
> problem. Patch tested and works with nginx reverse-proxy.
>
> I'm tagging it as a defect/bug; if you think it is not a bug, please
> re-tag it.
>
> Thanks in advance,
> Costas

New description:

 Hello,

 In my job, we are evaluating WordPress for our main site, and we seem to
 have a little problem with our setup.

 First of all, our setup:
 We use a pretty common setup with a reverse proxy (nginx) in front of our
 LAMP stack. Nginx serves static files (e.g. images) and proxy-passes all
 other requests to apache2. Nginx handles both http & https, speaking http
 to the backend (apache2).

 The problem:
 In setups like that, some server variables are not used. This is why you
 have to use mod-rpaf on apache to get the client ip.
 One of those variables is `$_SERVER['HTTPS']`.
 So in a setup with a reverse proxy in front, you have to set a variable
 `$_SERVER['HTTP_X_FORWARDED_PROTO']` with value 'https', to make the backend
 realize that its 'real' url is an https one.

 WordPress checks only for the `$_SERVER['HTTPS']` variable, and gets
 caught in an endless loop redirection from https to http to https and so
 on. The way we got over that is to check for the
 `$_SERVER['HTTP_X_FORWARDED_PROTO']` header in the
 wp-include/functions.php:is_ssl() function.

 I'm submitting also our 3-line patch, in case anyone has the same problem.
 Patch tested and works with nginx reverse-proxy.

 I'm tagging it as a defect/bug; if you think it is not a bug, please
 re-tag it.

 Thanks in advance,
 Costas

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/15733#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
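
The header check described in the ticket can be kept out of core and applied only when the request really arrives from the site's own proxy. The following is an added example, not the reporter's patch and not WordPress code. It assumes the snippet sits in wp-config.php before wp-settings.php is loaded, and that REMOTE_ADDR still holds the proxy's address (it does not if mod-rpaf or a similar module rewrites it). `TRUSTED_PROXIES`, `request_is_https()` and all addresses are hypothetical names and constructed values.

```php
<?php
// Added example: trust X-Forwarded-Proto only from known reverse proxies.
// TRUSTED_PROXIES and its addresses are constructed placeholders.
const TRUSTED_PROXIES = ['127.0.0.1', '10.0.0.5'];

/**
 * Decide whether the client-facing connection used HTTPS.
 * $server is a $_SERVER-style array, passed in so the logic can be tested.
 */
function request_is_https(array $server, array $trustedProxies): bool
{
    // TLS terminated on this server: values is_ssl() accepts for HTTPS.
    $https = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($https === 'on' || $https === '1') {
        return true;
    }

    // Any client can send X-Forwarded-Proto itself, so the header counts
    // only when the TCP peer is one of our own proxies.
    $peer = (string) ($server['REMOTE_ADDR'] ?? '');
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }

    $proto = strtolower(trim((string) ($server['HTTP_X_FORWARDED_PROTO'] ?? '')));
    return $proto === 'https';
}

// What wp-config.php would do: make is_ssl() see the original scheme,
// which stops the https -> http -> https redirect loop.
if (request_is_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed requests covering the three cases.
$samples = [
    'via proxy, https'  => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, http'   => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_PROTO' => 'http'],
    'direct, spoofed'   => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    printf("%-18s => %s\n", $label, request_is_https($server, TRUSTED_PROXIES) ? 'https' : 'http');
}
```

On the proxy side, nginx has to overwrite the header on every request (for example `proxy_set_header X-Forwarded-Proto $scheme;`) so that a value supplied by the client never reaches the backend.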

