I recently had an issue with https functionality in WordPress when working behind a reverse proxy like Pound or nginx. I’m running Pound, so the solution for me was to add specific proto headers to the pound.cfg file;
## HTTPS listening ports
ListenHTTPS
HeadRemove "HTTP_X_FORWARDED_PROTO"
HeadRemove "X_FORWARDED_PROTO"
AddHeader "HTTP_X_FORWARDED_PROTO: https"
AddHeader "X_FORWARDED_PROTO: https"
## HTTP listening ports
ListenHTTP
HeadRemove "HTTP_X_FORWARDED_PROTO"
HeadRemove "X_FORWARDED_PROTO"
AddHeader "HTTP_X_FORWARDED_PROTO: http"
AddHeader "X_FORWARDED_PROTO: http"
Then in WordPress, I had to modify the is_ssl function found in /wp-includes/functions.php to properly detect the X_FORWARDED_PROTO header value;
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
if ( 'on' == strtolower($_SERVER['HTTPS']) ) return true;
if ( '1' == $_SERVER['HTTPS'] ) return true;
} elseif ( isset($_SERVER['SERVER_PORT']) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
} elseif ( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && ( 'https' == strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) ) ) {
return true;
} elseif ( isset($_SERVER['X_FORWARDED_PROTO']) && ( 'https' == strtolower($_SERVER['X_FORWARDED_PROTO']) ) ) {
return true;
}
return false;
}
The reason I added both HTTP_X_FORWARDED_PROTO and X_FORWARDED_PROTO is that there is no accepted standard for the use of these headers and I’ve seen both used.
Update! I found a much better way to solve the HTTPS problem on the Apache server hosting WordPress. Just edit httpd.conf and include this line;
SetEnvIf X-Forwarded-Proto https HTTPS=on