Dangerous Things
Custom gadgetry for the discerning hacker


Getting HTTPS to work for WordPress when behind a reverse proxy

I recently had an issue with HTTPS functionality in WordPress when working behind a reverse proxy like Pound or nginx. I’m running Pound, so the solution for me was to add specific proto headers to the pound.cfg file:

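    ## HTTPS listening ports
    ListenHTTPS
        # Drop any copy of these headers sent by the client,
        # then set them to match the listener that took the connection.
        HeadRemove "HTTP_X_FORWARDED_PROTO"
        HeadRemove "X_FORWARDED_PROTO"
        AddHeader "HTTP_X_FORWARDED_PROTO: https"
        AddHeader "X_FORWARDED_PROTO: https"

    ## HTTP listening ports
    ListenHTTP
        # Same removal here, so a plain-HTTP client cannot claim https.
        HeadRemove "HTTP_X_FORWARDED_PROTO"
        HeadRemove "X_FORWARDED_PROTO"
        AddHeader "HTTP_X_FORWARDED_PROTO: http"
        AddHeader "X_FORWARDED_PROTO: http"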

Then in WordPress, I had to modify the is_ssl function found in /wp-includes/functions.php to properly detect the X_FORWARDED_PROTO header value:

    function is_ssl() {
        // Stock checks: the web server itself terminated TLS.
        if ( isset($_SERVER['HTTPS']) ) {
            if ( 'on' == strtolower($_SERVER['HTTPS']) ) return true;
            if ( '1' == $_SERVER['HTTPS'] ) return true;
        } elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
            return true;
        // Added checks: the reverse proxy terminated TLS and reported it in a header.
        } elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ( 'https' == strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) ) ) {
            return true;
        } elseif ( isset($_SERVER['X_FORWARDED_PROTO']) && ( 'https' == strtolower($_SERVER['X_FORWARDED_PROTO']) ) ) {
            return true;
        }
        return false;
    }

The reason I added both HTTP_X_FORWARDED_PROTO and X_FORWARDED_PROTO is that there is no accepted standard for the use of these headers and I’ve seen both used.

Update! I found a much better way to solve the HTTPS problem on the Apache server hosting WordPress. Just edit httpd.conf and include this line:

SetEnvIf X-Forwarded-Proto https HTTPS=on
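
Both fixes above trust the forwarded header from whoever connects to the backend, and the first one edits a core file that a WordPress update will overwrite. As an added example (not from the original post or WordPress core), the same detection can live in wp-config.php and honour the header only when the request comes from the proxy's address. The address 192.0.2.10, the constant TRUSTED_PROXIES and the function forwarded_https() are assumptions made for the illustration.

```php
<?php
// Added example: not WordPress core and not the original post's code.
// Assumption: Pound reaches the backend from 192.0.2.10 (placeholder address).
const TRUSTED_PROXIES = ['192.0.2.10', '127.0.0.1'];

/**
 * True only when the TCP peer is a trusted proxy AND that proxy reported
 * the client-facing connection as HTTPS. Hypothetical helper.
 */
function forwarded_https(array $server, array $trusted = TRUSTED_PROXIES): bool
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        // Not from the proxy: the header is client-controlled, ignore it.
        return false;
    }
    // X-Forwarded-Proto arrives in PHP as HTTP_X_FORWARDED_PROTO.
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    // Exact match only: a comma-separated list such as "https, http" is
    // not accepted, since its first entry may have come from the client.
    return $proto === 'https';
}

// In wp-config.php this would be applied to the live request:
//     if (forwarded_https($_SERVER)) { $_SERVER['HTTPS'] = 'on'; }
// The unmodified is_ssl() then returns true through its first branch.

// Constructed sample requests, so the script also runs from the command line.
$samples = [
    'via proxy, https'          => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, http'           => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_PROTO' => 'http'],
    'via proxy, header missing' => ['REMOTE_ADDR' => '192.0.2.10'],
    'via proxy, appended list'  => ['REMOTE_ADDR' => '192.0.2.10',   'HTTP_X_FORWARDED_PROTO' => 'https, http'],
    'direct client with header' => ['REMOTE_ADDR' => '203.0.113.50', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];

foreach ($samples as $label => $server) {
    if (forwarded_https($server)) {
        $server['HTTPS'] = 'on';
    }
    printf("%-28s HTTPS=%s\n", $label, $server['HTTPS'] ?? '(unset)');
}
```

Only the first sample ends up with HTTPS set; the direct request is ignored even though it carries the header, which is the case the Pound HeadRemove lines and a backend that accepts connections only from the proxy are meant to cover.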
