How to fix WordPress HTTPS issues when behind an Amazon Load Balancer?

Question

I've had this issue before. When running WordPress (or other PHP scripts) behind Amazon's EC2 Load Balancer, the scripts do not realize they are being ran on the https:// protocol and results in issues such as endless redirect loops, and HTTPS warnings ("Some content on this page is being requested in a non-secure way...").

Is there a way to fix this without modifying WordPress core? I am using Apache 2.2.

Answer 1

According to me, what's happening is that when your page is accessed over HTTPS, the Load balancer performs SSL offloading and requests your content on the non-SSL port 80. The webserver and php don't translate that content is being accessed over https://

The easiest fix for this issue is to have your Amazon's ELB send a de-fanto X-Forwarded-Proto HTTP header, which can be later used to figure out which protocol is being used by the client.

For Apache2, you can use the following command line:

<IfModule mod_setenvif.c>

  SetEnvIf X-Forwarded-Proto "^https$" HTTPS

</IfModule>