WordPress stuck in infinite redirect loop

I was trying to set up a local (development) copy of a site I manage today, but found that I was getting a ‘Too many redirects’ error when trying to load it. Eventually I tracked it down to the WordPress redirect_canonical() function, and more specifically is_ssl().

is_ssl() was reporting false even though I was requesting the site over https. And so it was redirecting to the https URL (as this is what I have set as the siteurl in the WP options). Thus causing an infinite redirect loop.

The cause of this problem and the solution can be found here: WordPress Function Reference – is ssl. The problem was that I was using a reverse proxy setup, so the apache instance running WordPress wasn’t using https, just the nginx server handling the initial requests was.

By adding proxy_set_header X-Forwarded-Proto https; to the nginx config and then if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') { $_SERVER['HTTPS'] = 'on'; } to the wp-config.php the problem is solved.

I’d be interested to know how this is normally handled in environments using reverse proxies, as I would think many shared webhosts use this structure, but users aren’t required to add checks for the X-Forwarded-Proto header in their wp-config just to get WordPress working on https. Or are they?

Posted on by xoogu, last updated