Can not reach server internal without proxy and thus http

  • Resolved webfuse

    (@webfuse)


    3 years, 9 months ago

    Hi,

    This plugin works great if the server actually uses HTTPS but my server sometimes has to do some actions internally. I use NGINX as the web-server with PHP-FPM. The structure is as follows: client -> nginx server handling HTTPS and serving the proxy -> nginx server serving static content and proxies PHP-FPM -> PHP-FPM.

    So the second proxy does not use HTTPS and can not be reached using cURL internally when this plugin is installed. I would like to use the plugin as a must use plugin so all content uses HTTPS. But websites that do not use HTTPS would not be able to reach. Can you make it so the plugin can be “enabled/disabled” depending on the scheme, or if certain headers are present that would indicate the server was proxied from HTTPS? Or give a suggestion how that would be done?

    Kind regards,
    Luc

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author JS Morisset

    (@jsmoriss)

    It sounds like you should be using the X-Forwarded-Proto and X-Forwarded-Ssl headers. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto for more info.

    js.

    Thread Starter webfuse

    (@webfuse)

    Thanks!

    I noticed the last line actually executes the main function in the class. So I enclosed that with the “maybe_set_server_https_on” functions if statements.
    It looks like this:

    if ( ! isset( $_SERVER[ 'HTTPS' ] ) || $_SERVER[ 'HTTPS' ] !== 'on' ) {;
    if ( isset( $_SERVER[ 'HTTP_X_FORWARDED_PROTO' ] ) && strpos( $_SERVER[ 'HTTP_X_FORWARDED_PROTO' ], 'https' ) !== false ) {
        JSM_Force_SSL::get_instance();
    }
}

    I suppose I could optimize it a bit more by not continueing with the plugin if the statement is true. Is there a (wordpress) function for that? Otherwise I could include it in the if ( ! class_exists( 'JSM_Force_SSL' ) ) statement. Unfortunately I am not very experienced with PHP.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Can not reach server internal without proxy and thus http’ is closed to new replies.