Endless Redirect Loop with AWS ELB and wordpress site using wordpress https plugin

Question

I have configured an AWS ELB to point to my Ubuntu Server running the Wordpress 3.2.1. Everything worked great on the server until I put it behind a load balancer.

I setup the load balancer to forward port 80 to port 80 and port 443 to port 80.

I setup my virtual hosts file to check for the headers from the elb:

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule !/status https://%{SERVER_NAME}%{REQUEST_URI} [L,R]

Now whenever I go to an https url I get this message:

This webpage has a redirect loop
The webpage at https://mywebsite.com/securepage/ has resulted in too many redirects

As soon as I disable the wordpress https plugin
(http://wordpress.org/extend/plugins/wordpress-https/)
The pages work but are now full of mixed content. pages that should be https are no longer https.

As soon as I access the server directly instead of through the elb it works again.

Any ideas on how I could get this to work with an AWS ELB?

have you update the permalink? usually we have to update the permalink setting on wordpress — user905953, Aug 24 '11 at 20:45

score 23 · Answer 1 · answered Jun 08 '15 at 06:05

23

Try adding this to your httpd.conf or an .htaccess

SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS

When using the load balancer + HTTPS, your webserver is unaware that HTTPS is being used on the front end, so keeps trying to redirect to the HTTPS site, when in fact, HTTPS is already being used.

The above will translate the header that Amazon's Load Balancer sends (X-Forwarded-Proto: https) into an environment variable that Wordpress and other PHP scripts understand (HTTPS=1)

answered Jun 08 '15 at 06:05

A.B. Carroll

535
1
4
10

3

This would be correct way do it, as SSL decryption remains on ELB – toske Jun 30 '15 at 10:47
1

If you're on nginx, similar addition would be: `fastcgi_param HTTPS on;` – Akash Budhia Feb 24 '17 at 08:16
1

This post ended my hour long pain... THX – Daywalker Jul 13 '18 at 07:43
thanks it work for me with apache – S.Bao Aug 10 '21 at 16:29

score 13 · Accepted Answer · answered Aug 24 '11 at 22:36

13

I would hazard a guess without you posting your ELB configuration that the ELB is redirecting HTTPS (443/tcp) traffic to the EC2 instance on HTTP (80/tcp). Then you're .htaccess and plugin are trying to redirect it back to HTTPS because it is being seen over HTTP.

Go take a look at your EC2 console under Network & Security > Load Balancers and I would imagine you'll see the Port Configuration says something along the lines of 443 forwarding to 80 (HTTPS, Certificate: blah)

answered Aug 24 '11 at 22:36

Jeremy Bouse

11,241
2
27
40

1

This person here was having the same problem. https://forums.aws.amazon.com/thread.jspa?threadID=58801&start=0&tstart=0 – ChickenFur Aug 24 '11 at 22:40
1

and this one looks similar http://stackoverflow.com/questions/5741210/handling-x-forwarded-proto-in-java-apache-tomcat – ChickenFur Aug 24 '11 at 22:43
your right I am forwarding 443 to 80. – ChickenFur Aug 24 '11 at 22:43
I've been running one of my clients under AWS for over 2 years now... When I read your question that's the first thing that popped into my head as suspect. – Jeremy Bouse Aug 25 '11 at 00:56
1

Changing the LB to point from 443 to 443 fixed it :) Thanks! – ChickenFur Aug 25 '11 at 19:53

score 5 · Answer 3 · answered Dec 09 '15 at 09:13

According to Amazon here https://d0.awsstatic.com/whitepapers/deploying-wordpress-with-aws-elastic-beanstalk.pdf the fix is:

/** Detect if SSL is used. This is required since we are terminating SSL either on CloudFront or on ELB */ 
if (($_SERVER['HTTP_CLOUDFRONT_FORWARDED_PROTO'] == 'https') OR ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'))
    {$_SERVER['HTTPS']='on';}

I still ended up with the endless loop, so I changed my WordPress config as from:

define('WP_HOME','http://www.example.com');
define('WP_SITEURL','http://www.example.com');

to:

define('WP_HOME','https://www.example.com');
define('WP_SITEURL','https://www.example.com');

This will force users to https, even if they type http, plus it makes it easy to develop the site offline because you just update the WP_HOME to local host and https is no longer the default

Tim · Answer 4 · 2018-01-07T11:20:46.920

Quoting myself from another helpful post https://serverfault.com/a/858308/450836:

For me it was sufficient to set $_SERVER['HTTPS']='on'; in wp-config.php. I'm using AWS ELB which terminates SSL on the ELB. Therefore nginx accepts the request on Port 80 (8080 after varnish) and it seems like wordpress was not able to deal with it until you explicitly tell PHP that the site already uses https...

For the non-SSL ELB Listener I use a separate config to redirect all traffic to https as default listener.

score 0 · Answer 5 · answered Aug 15 '20 at 04:26

AWS WP too many redirects (err_too_many_redirects wordpress on AWS)

ACTUAL SOLUTION if you have AWS load balancer 443 forwarding to server port 80:

A. add following starting from to very first line 1 of .htaccess:

SetEnvIfNoCase X-FORWARDED-PROTO "^https$" HTTPS

RewriteEngine On

RewriteCond %{HTTP:X-Forwarded-Proto} !https

RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

B. add the follwoing to wp-config.php above line "require_once(ABSPATH . 'wp-settings.php');"

**define('FORCE_SSL_ADMIN', true);

define('RELOCATE', TRUE);

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')

    $_SERVER['HTTPS'] = 'on';**

score 0 · Answer 6 · answered Apr 30 '18 at 20:55

As @Tim suggested, this $_SERVER['HTTPS']='on'; in wp-config.php did the trick for me.

I also added this to my .htaccess file to force HTTPS:

RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

score 0 · Answer 7 · answered Jun 29 '18 at 18:21

Fix for too many redirection issues in aws ALB

Enable header module then add following entry in apache config

SetEnvIf X-Forwarded-Proto "https" HTTPS=on RequestHeader set HTTPS "on" env=HTTPS

    RewriteEngine On
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

Endless Redirect Loop with AWS ELB and wordpress site using wordpress https plugin

7 Answers7