Why isn't Apache reporting HTTPS to PHP?
It looks to me, like you are in fact accessing apache via HTTP not HTTPS (which is what it's telling you).
If you check your apache config file, you should have 2 sites, one for :80 (HTTP) and one for :443 (HTTPS). The former should redirect traffic to the later. If you ensure the site with the VIRTUALHOST ending in :80 (which is what I think you're actually using) has a different log file to the one ending :443 (which is the HTTPS host you think you're using), then you'll be able to watch the log files, to be sure, which site you're looking at.
It's possible that something is tunneling the unwrappered HTTP conversation to apache, having managed the SSL part, but having looked at bitnampi docs, they don't do that, so you'd have to have setup something like stunnel yourself. As Hakan Lindqvist said, if netstat -lpn shows only apache listening on :443 and :80, then the truth must be in the apache config file. Like I mentioned above, I suggest configuring the logs to be sure, but generally, if it looks like a duck, quacks like a duck, and enjoys spending time in ponds, swimming in the rain, first work on the assumption, it's a duck as it's unlikely to be a cat.
You may find this helpful: https://wiki.bitnami.com/Components/Apache#How_to_enable_HTTPS_support_with_SSL_certificates
It's worth noting, this is an example HTTPS site configuration (from the above link)
<VirtualHost *:443>
SSLEngine on
DocumentRoot "/opt/bitnami/apps/sugarcrm/htdocs"
ServerName my-sugarcrm.example.com
SSLCertificateFile "/opt/bitnami/apache2/conf/my-sugarcrm.crt"
SSLCertificateKeyFile "/opt/bitnami/apache2/conf/my-sugarcrm.key"
</VIrtualHost>
Related videos on Youtube
Waaghals
Updated on September 18, 2022Comments
-
Waaghals almost 2 years
Problem
Apache isn't reporting HTTPS in the
$_SERVER
variable of PHP. Certificate is correctly configured according to sslcheck.nl and the website redirects every HTTP request to the HTTPS equivalent.$_SERVER
variable:-
HTTPS
key does not exist -
SERVER_PORT
is 80 instead of 443 -
HTTP_X_FORWARDED_PROTO
is not set -
REQUEST_SCHEME
is http instead of https
Without these values, Symfony framework and Wordpress cannot determine if the website is running on a secure connection.
Configuration
I'm running a Bitnami LAMP stack. As far as I can tell, the server does not run a reverse proxy. The website does have mod_pagespeed configured, but I do not think that this is configured as a reverse proxy. I tried disabling mod_pagespeed for a test vhost, but Apache keeps reporting http.
What else could be the reason for Apache incorrectly reporting HTTP/HTTPS?
Update
Output from
netstat -plnt
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 65034/master tcp 0 0 127.0.0.1:2812 0.0.0.0:* LISTEN 2295/monit tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 1801/mysqld.bin tcp 0 0 127.0.0.1:12301 0.0.0.0:* LISTEN 48346/opendkim tcp 0 0 127.0.0.1:21 0.0.0.0:* LISTEN 731/vsftpd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1889/sshd tcp6 0 0 ::1:25 :::* LISTEN 65034/master tcp6 0 0 :::443 :::* LISTEN 25401/httpd tcp6 0 0 :::80 :::* LISTEN 25401/httpd tcp6 0 0 :::22 :::* LISTEN 1889/sshd
Vhost configuration:
<VirtualHost *:80> ServerName mydomain.com DocumentRoot "/opt/bitnami/apps/mydomain/htdocs/web" RewriteEngine On #redirect non-www to https://www. RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] #redirect http://www. to https://www. RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L] CustomLog /opt/bitnami/apache2/logs/mydomain-http.log combined Include "/opt/bitnami/apps/mydomain/conf/httpd-app.conf" </VirtualHost> <VirtualHost *:443> ServerName mydomain.com DocumentRoot "/opt/bitnami/apps/mydomain/htdocs/web" RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] CustomLog /opt/bitnami/apache2/logs/mydomain-https.log combined SetEnv HTTPS on #Added this to force https environment variable Include "/opt/bitnami/apps/mydomain/conf/httpd-app.conf" </VirtualHost>
-
Waaghals over 8 years@HBruijn Varnish is disabled by default (did not enable it either).
-
Håkan Lindqvist over 8 yearsAs there seems to be some degree of uncertainty, can you verify that it's actually Apache httpd that is bound to 443/tcp? (
netstat -plnt
or similar) -
Waaghals over 8 years@HåkanLindqvist Looks like it is only the case for tcp6 and not regular tcp. But no other process is using port 443/80 on regular tcp.
-
GregL over 8 yearsFurther to @HåkanLindqvist's comment, can you post the contents of the
netstat
command, along with your relevant Apache configs? -
Eirik Toft over 8 yearsIt might help a lot if you post your httpd config where your 80 and 443 listeners are at.
-
-
Waaghals over 8 yearsI've updated the vhosts to have different logs per vhost. But the request do seem to be coming in at the https vhost (based on the access log output)
-
sibaz over 8 yearsYour apache :443 config, above, looks to be missing any of the settings, which turn on HTTPS, hence unless you have settings in different file, overriding it, you're listening on :443, but is still a HTTP site. I've added the example *:443 config file, from the above link. It's normal to have an SSLEngine ON directive, and SSLCertificate directives in the vhost, serving HTTPS
-
Waaghals over 8 yearsThanks! that was the problem, I was using a wildcard certificate and the certificate was configured in httpd.conf. This made https to work, but the vhost didn't know about the usage of https. It seems I have to add this to the vhost explicitly (which kinda makes sense). I added the SSL* directives to the vhost, and now it is working.
-
Vadim almost 8 yearsThis was my problem too. Although my certificates were set in the default Apache configuration file, simply having the port at 443 was not enough: I had to the certificate and the key file to my
VirtualHost
. I also had to includeSSLEngine on
, as stated.