I was trying to set up a local (development) copy of a site I manage today, but found that I was getting a ‘Too many redirects’ error when trying to load it. Eventually I tracked it down to the WordPress redirect_canonical()
function, and more specifically is_ssl()
.
is_ssl()
was reporting false even though I was requesting the site over https. And so it was redirecting to the https URL (as this is what I have set as the siteurl
in the WP options). Thus causing an infinite redirect loop.
The cause of this problem and the solution can be found here: WordPress Function Reference – is ssl. The problem was that I was using a reverse proxy setup, so the apache instance running WordPress wasn’t using https, just the nginx server handling the initial requests was.
By adding proxy_set_header X-Forwarded-Proto https;
to the nginx config and then if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $_SERVER['HTTPS'] = 'on'; }
to the wp-config.php the problem is solved.
I’d be interested to know how this is normally handled in environments using reverse proxies, as I would think many shared webhosts use this structure, but users aren’t required to add checks for the X-Forwarded-Proto
header in their wp-config just to get WordPress working on https. Or are they?
Thank you! This pointed me in the right direction – my Cloudflare SSL was configured to be “Flexible”, meaning it was connecting to my origin via HTTP, which resulted in an endless HTTPS redirect loop. “Strict” mode and up fixes everything up, yay!