I am in the process of changing my protocol from http to https.
I have wordpress installed as a subdirectory (eg: www.example.com/blog)
I have the server behind a load balancer, requests to the load balancer are encrypted but requests from the load balancer to the server are not.
I updated the home and siteurl parameters to reflect the https adddress.
And I added the following code to my wp-config.php file:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
For some reason, when I go to the url https://www.example.com/blog, the following redirects occur:
https://…blog -> http://…blog/
http://…blog/ -> https://…blog/
I can live with one redirect (the one for adding the slash), but I don’t understand why it redirects to the http:// address. I don’t see anything in my setup that still references http://.
Why is it doing this?
I have tried clearing my browser’s cache. I also have an .htaccess file but I suspect it doesn’t have anything to do with it because the redirects occur even when all the code in the .htaccess file is commented
In someone still finds the htaccess file relevant: I have two rules in the htaccess file:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
for redirecting http to https
and
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /blog/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /blog/index.php [L]
</IfModule>
for adding the slash (I think).
Although the first rule isn’t relevant (because I am going directly to the https address). And commenting the second rule has no effect on the issue in question.
Is there anywhere else in my setup where I need to update wordpress about the fact that I’m using https?
Thanks.
4 Answers
This is somewhat of a guess, but it is probably a result of the web server configuration. What your server probably does is to see that the request want to load the blog url of the site. It checks out and sees that blog is a directory adds a slash and redirects to it. Now because the load balancer sends an http request the web server redirect to http. After that the request is made to the wordpress directory and all your htaccess and wordpress logic kicks in and provides the correct info/redirects etc.
Solution… if this is not only a good story, but also a true one, an http to https redirection in an htaccess of the root directory should probably fix it.
If it actually does fix the issue (and you think the fix worth your time) you will want to consider merging the “wordpress” htaccess into the root one as apache reads all the htaccess in each directory in the hierarchy on each request and “runs” them which is a pointless waste of time.
