I was trying to set up a local (development) copy of a site I manage today, but found that I was getting a ‘Too many redirects’ error when trying to load it. Eventually I tracked it down to the WordPress redirect_canonical()
function, and more specifically is_ssl()
.
is_ssl()
was reporting false even though I was requesting the site over https. And so it was redirecting to the https URL (as this is what I have set as the siteurl
in the WP options). Thus causing an infinite redirect loop.
The cause of this problem and the solution can be found here: WordPress Function Reference – is ssl. The problem was that I was using a reverse proxy setup, so the apache instance running WordPress wasn’t using https, just the nginx server handling the initial requests was.
By adding proxy_set_header X-Forwarded-Proto https;
to the nginx config and then if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $_SERVER['HTTPS'] = 'on'; }
to the wp-config.php the problem is solved.
I’d be interested to know how this is normally handled in environments using reverse proxies, as I would think many shared webhosts use this structure, but users aren’t required to add checks for the X-Forwarded-Proto
header in their wp-config just to get WordPress working on https. Or are they?