PHP force redirect SSL NginxProxy endless loop

[chrisf]

I switched to nginxproxy from apache to benefit from the speed on my shared hosting production server.

I have a few domains with SSL enabled and suddenly the sites were in a endless loop and they would not display.

I traced the problem to php checking $_SERVER['HTTPS'] - which behind nginx proxy apache does not know it is https being served.

I was pulling my hair out trying to get this to work - but php was getting environment and server variables from apache which doesn't know nginx is sending ssl pages.

The fix is simple! YET I hope I save someone the trouble I had with this.

ssh:
/home/nginx/conf/globals
if you are using a custom.proxy.conf just add the below lines, if not we must create it:
cp proxy.conf custom.proxy.conf

vim custom.proxy.conf

Find all the lines where it says proxy_set_header and add this line:

Code: [Select]

proxy_set_header X-Forwarded-Protocol $scheme;

Then go to the directory of the website having the endless ssl loop due to a php redirect.
Example:

Code: [Select]

if ($_SERVER['HTTPS'] !== on) {
// redirect to https here ----

Add this to the .htaccess of the domain with ssl:

Code: [Select]

SetEnvIf X-Forwarded-Protocol https HTTPS=on

sh /script/fixweb
sh /script/restart-all

All fixed

This is for those who understand php programming and ssl redirect being forced through php headers.

Everyone else  this doesn't apply....

Enjoy

[fossxplorer]

Why the heck didn't i find this post that would have saved me 1 night sleep and almost 24h of research and troubleshooting?
I'm convinced your findings here will help MANY users of Kloxo-MR. 

EDIT: can you update the typo as it should be: SetEnvIf X-Forwarded-Proto https HTTPS=on
and you if you are using Hiawatha proxy, you don't need fixweb/restart-all as it's already sending  X-Forwarded-Proto to the backend.

[chrisf]

Not a typo as in nginx configuration I had added the full 'protocol' - however if Hiawatha is sending proto to the backend, simply change that (as you have).

[quacos]

chrisf, thank you for this saving time tip!

[cmdman]

@chrisf
can you explain me bit more i have same issues but i didnt get your fix can yu more specific guide me

[chrisf]

That was step by step.  If you need more help (send me a PM) and we'll see what we can do

[letux]

can't fiend " /home/nginx/conf/globals " !!

[MRatWork]

can't fiend " /home/nginx/conf/globals " !!

If using Kloxo-MR 7.0, go to '/opt/configs/nginx/conf/globals' instead '/home/nginx/conf/globals'

[letux]

and sorry i didn't fiend 'proxy.conf'
but i fiend more than file,
- proxy_standard.conf
- proxy_standard_ssl.conf
- proxy_wildcards.conf
- proxy_wildcards_ssl.conf
which file i copy and edit it ?

[MRatWork]

All.

[intan]

mengapa nginx 502 badgateway add domain di client ?

[MRatWork]

mengapa nginx 502 badgateway add domain di client ?

Bisa lebih diperjelas?.

[intan]

Jdi pd saat membuat website baru pada client setelah pilih adddomain kemudian menghapus file image dan index.html kemudian download wordpress setelah itu ekstrak. ketika dibuka dibrowser muncul erorr 502 badgateway jika menggunakan nginx. lain jika menggunakan hiawatha,apache,httpd berhasil masuk ke setup wordpress pd saat buka browser dan msuk ke domain tersebt.

[MRatWork]

Sementara pakai apache atau hiawatha-proxy saja.

Saya menemukan 'banyak' keanehan pada nginx untuk versi akhir-akhir ini.

[intan]

baik, Mas Mustafa Ramadhan trimakasih saranya...