Endless Redirect Loop with AWS ELB and wordpress site using wordpress https plugin
Solution 1
I would hazard a guess without you posting your ELB configuration that the ELB is redirecting HTTPS (443/tcp) traffic to the EC2 instance on HTTP (80/tcp). Then you're .htaccess
and plugin are trying to redirect it back to HTTPS because it is being seen over HTTP.
Go take a look at your EC2 console under Network & Security > Load Balancers
and I would imagine you'll see the Port Configuration
says something along the lines of 443 forwarding to 80 (HTTPS, Certificate: blah)
Solution 2
Try adding this to your httpd.conf
or an .htaccess
SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS
When using the load balancer + HTTPS, your webserver is unaware that HTTPS is being used on the front end, so keeps trying to redirect to the HTTPS site, when in fact, HTTPS is already being used.
The above will translate the header that Amazon's Load Balancer sends (X-Forwarded-Proto: https
) into an environment variable that Wordpress and other PHP scripts understand (HTTPS=1
)
Solution 3
According to Amazon here https://d0.awsstatic.com/whitepapers/deploying-wordpress-with-aws-elastic-beanstalk.pdf the fix is:
/** Detect if SSL is used. This is required since we are terminating SSL either on CloudFront or on ELB */
if (($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https') OR ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
{$_SERVER['HTTPS']='on';}
I still ended up with the endless loop, so I changed my WordPress config as from:
define('WP_HOME','http://www.example.com');
define('WP_SITEURL','http://www.example.com');
to:
define('WP_HOME','https://www.example.com');
define('WP_SITEURL','https://www.example.com');
This will force users to https, even if they type http, plus it makes it easy to develop the site offline because you just update the WP_HOME to local host and https is no longer the default
Solution 4
Quoting myself from another helpful post https://serverfault.com/a/858308/450836:
For me it was sufficient to set $_SERVER['HTTPS']='on'; in wp-config.php. I'm using AWS ELB which terminates SSL on the ELB. Therefore nginx accepts the request on Port 80 (8080 after varnish) and it seems like wordpress was not able to deal with it until you explicitly tell PHP that the site already uses https...
For the non-SSL ELB Listener I use a separate config to redirect all traffic to https as default listener.
Related videos on Youtube
ChickenFur
I'm a beginning programmer looking to learn and understand things.
Updated on September 18, 2022Comments
-
ChickenFur over 1 year
I have configured an AWS ELB to point to my Ubuntu Server running the Wordpress 3.2.1. Everything worked great on the server until I put it behind a load balancer.
I setup the load balancer to forward port 80 to port 80 and port 443 to port 80.
I setup my virtual hosts file to check for the headers from the elb:
RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]Now whenever I go to an https url I get this message:
This webpage has a redirect loop
The webpage at https://mywebsite.com/securepage/ has resulted in too many redirectsAs soon as I disable the wordpress https plugin
(http://wordpress.org/extend/plugins/wordpress-https/)
The pages work but are now full of mixed content. pages that should be https are no longer https.As soon as I access the server directly instead of through the elb it works again.
Any ideas on how I could get this to work with an AWS ELB?
-
ChickenFur over 12 yearsThis person here was having the same problem. forums.aws.amazon.com/…
-
ChickenFur over 12 yearsand this one looks similar stackoverflow.com/questions/5741210/…
-
ChickenFur over 12 yearsyour right I am forwarding 443 to 80.
-
Jeremy Bouse over 12 yearsI've been running one of my clients under AWS for over 2 years now... When I read your question that's the first thing that popped into my head as suspect.
-
ChickenFur over 12 yearsChanging the LB to point from 443 to 443 fixed it :) Thanks!
-
toske almost 9 yearsThis would be correct way do it, as SSL decryption remains on ELB
-
Akash Budhia about 7 yearsIf you're on nginx, similar addition would be:
fastcgi_param HTTPS on;
-
Daywalker almost 6 yearsThis post ended my hour long pain... THX
-
S.Bao over 2 yearsthanks it work for me with apache