WordPress in HTTPS, causing Redirect Loops

by

I’m in the process of setting up WordPress over HTTPS, which is hosted on a Digital Ocean VPS, managed by Serverpilot (though the HTTPS is set up manually, rather than through Serverpilot). The server has a number of WordPress installations, but there is one in particular I wanted to run securely. WordPress in itself is running in a subfolder (so it’s located in domain.com/subfolder/).

I’ve managed to get SSL certificate up and running, as going to the main URL of the site domain.com and sticking a plain HTML on it works over SSL and the padlock’s show.

However the WordPress installation enters a redirect loop.

I’ve done the following:-

  • Switched all plugins off

  • Switched to a default theme (Twenty Thirteen)

  • Updated everything to their latest versions

  • Changed to default permalinks

I’ve then changed the siteurl and WordPress URL to https, and then the site gets caught in a Redirect Loop. I use a Redirect Path plugin for Chrome, and it’s effectively getting redirected to itself (so https://domain.com/subfolder/ goes through to https://domain.com/subfolder/). Oddly this redirect appears to switch between a 301 and 302 redirect, without any rhyme or reason.

I also had a bit of a play around with WordPress HTTPS, but that wasn’t successful either.

Any ideas? Not entirely sure where to go here…

2 Answers
2

The answer to this came in part from this answer, which linked to the Codex, advising the following snippet to be placed at the top of the wp-config file:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

Unfortunately, this didn’t quite solve it for me, but I noticed it worked if I removed the if and just always set $_SERVER['HTTPS']='on';. If you want to always force SSL on your site, then that should do the trick.

If you want to allow both http and https, however, you’ll need to adjust your nginx config. Add the following line:

proxy_set_header X-Forwarded-Proto $scheme;

That’s the header the if condition above is looking for. By setting nginx to pass the requested scheme (either http or https) along as the X-Forwarded-Proto, you’re letting WordPress see what that original scheme was so that it knows how to behave.

Once you’ve done that, your WP site should work properly over both http and https.

Leave a Comment