Server looks for $_SERVER['HTTPS']

Some php code expects to find $_SERVER[‘HTTPS’] == ‘on’ when served via ssl.

The current LbF setup uses nginx to route both http and https to apache on port 80, and neither makes any effort to set ‘HTTPS’.

Editing /conf/sites-enabled/000-default.conf to include the following solves the problem.

 # This is to forward all PHP to php-fpm.
 <IfModule mod_proxy_fcgi.c>
      #set $_SERVER['HTTPS']
      <IfModule mod_setenvif.c>
	SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
	SetEnvIf X-Forwarded-Proto "^http$" HTTPS=off
  </IfModule>
 ...

Thanks for sharing, this actually helped me solve an issue where I was getting a ‘too many redirects’ error on a non-WordPress software package. I added that snipped to my .htaccess and that fixed it.

Question for Local dev team, would it be possible to add that snippet in an upcoming release? This might alleviate many of the redirect issues people are reporting and avoid overall confusion for those of us using php applications that rely on this.

Version 2.3.2 lists this in its release notes

  • Fix: HTTPS status is properly sent to PHP-FPM to eliminate the need to inject a small block of code into wp-config.php
1 Like