Title: [Plugin: WordPress HTTPS] Force SSL option on Apache behind Nginx = redirect loop Last modified: August 20, 2016 --- # [Plugin: WordPress HTTPS] Force SSL option on Apache behind Nginx = redirect loop * Resolved [TomsRiverWebDesign](https://wordpress.org/support/users/tomsriverwebdesign/) * (@tomsriverwebdesign) * [14 years, 11 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/) * Excellent plugin! I’ve used it on WP on Apache before with no problem. Now I’m sitting behing Nginx, and when I try ‘Force SSL’ I get an infinite 301 redirect loop. The page in question is [here](http://trwebdesign.com/contact/). * If I uncheck the ‘Force SSL’ options and specify https:// in the address bar, the resource won’t redirect and the the ssl connection is honored (albeit without the internal URL rewriting but hey, does that help?) * I looked at your code, daunting but I don’t have your insight. Can you point me in the write (I kill me!) direction? * Thanks, Scott * [http://wordpress.org/extend/plugins/wordpress-https/](http://wordpress.org/extend/plugins/wordpress-https/) Viewing 5 replies - 1 through 5 (of 5 total) * Thread Starter [TomsRiverWebDesign](https://wordpress.org/support/users/tomsriverwebdesign/) * (@tomsriverwebdesign) * [14 years, 11 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/#post-2145503) * I got it. It seems that 3 times out of 4, the redirect happens as a result of the is_ssl() function, which is located around line 270. * I changed this line: `if ( $this->shared_ssl == 1 && strpos($this->https_url, $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) {` * To this: `if (strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://'. $_SERVER['HTTP_X_FORWARDED_SERVER'] ) !== false ) {` * It had to be done since my proxy web server wasn’t passing along the protocol to apache. Unfortunately I trashed the shared_ssl option in the process, so this may not work for you. * Best Regards, Scott * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [14 years, 11 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/#post-2145507) * Hey Scott, * Are you using the Shared SSL feature to proxy your site for HTTPS? * I’ve seen quite a few cases where the proxy servers weren’t properly forwarding the correct information. I’ve tried to address this issue in my development version. The code I came to was this: * ``` function is_ssl() { if ( $this->shared_ssl == 1 && strpos($this->https_url, preg_replace('/:.+$/', '', $_SERVER['HTTP_HOST'])) !== false ) { return true; } return is_ssl(); } ``` * I don’t actually have anywhere to test shared SSL functionality, hence why there haven’t been any updates to the plugin in a long time. It also doesn’t help that most issues that people are having only show up on some servers and not others. * Anywho, try that code out and let me know it if works or not. * Thanks, Mike * Thread Starter [TomsRiverWebDesign](https://wordpress.org/support/users/tomsriverwebdesign/) * (@tomsriverwebdesign) * [14 years, 11 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/#post-2145508) * Hi Mike, * I too wanted to be clear in my post, and for the benefit of anyone reading, do _not_ copy my code verbatim! – I’m not using Shared SSL. And your headers may vary * Try to work out what headers are coming from your proxy. Nginx was only sending the domain name without the scheme in the HTTP_HOST header, so that was out. I admit mine is more of a kludge. * Excellent plugin all around… Thanks Mike! * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [14 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/#post-2145617) * Hey Scott, * I’m going to be pushing out version 1.9 soon. It will work for you without any modifications. Below is the conclusion I came to and it seems to work with Shared SSL as well as proxies. Thank you for your contribution. 🙂 * ``` function is_ssl() { // Some extra checks for proxies and Shared SSL if ( !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) { return true; } else if ( $this->shared_ssl == 1 && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) { return true; } return is_ssl(); } ``` * Plugin Author [mvied](https://wordpress.org/support/users/mvied/) * (@mvied) * [14 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/#post-2145618) * Found a bug in the function. Correction: * ``` function is_ssl() { // Some extra checks for proxies and Shared SSL if ( $_SERVER['HTTP_X_FORWARDED_SERVER'] && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_X_URL_SCHEME'] . '://' . $_SERVER['HTTP_X_FORWARDED_SERVER']) !== false ) { return true; } else if ( $this->shared_ssl == 1 && !is_ssl() && strpos($this->https_url, $_SERVER['HTTP_HOST']) !== false ) { return true; } return is_ssl(); } ``` Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘[Plugin: WordPress HTTPS] Force SSL option on Apache behind Nginx = redirect loop’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/wordpress-https_bec2c9.svg) * [WordPress HTTPS (SSL)](https://wordpress.org/plugins/wordpress-https/) * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-https/#faq) * [Support Threads](https://wordpress.org/support/plugin/wordpress-https/) * [Active Topics](https://wordpress.org/support/plugin/wordpress-https/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-https/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wordpress-https/reviews/) * 5 replies * 2 participants * Last reply from: [mvied](https://wordpress.org/support/users/mvied/) * Last activity: [14 years, 10 months ago](https://wordpress.org/support/topic/plugin-wordpress-https-force-ssl-option-on-apache-behind-nginx-redirect-loop/#post-2145618) * Status: resolved