Your mission: HTTPS offloading
You want to offload HTTPS handling to a different server / device, and connect to Magento via HTTP.
In this case, Magento has to understand that it is being accessed via HTTP, but still has to write HTTPS links!
The promise: NO Magento code hacks necessary! (Ashley, see below, correctly advises that this should be your absolutely LAST resort. Not a wise thing to do!)
Here's how you do it: (tested with Magento 1.7.0.2)
Step 1: Set up Pound / nginx / …
These reverse proxies have to indicate to Apache (which I assume you run Magento on) that they are serving HTTPS content to the frontend user.
Here's how you do it for Pound, which I personally use:
## sample pound.cfg
##
## see pound(8) for details
######################################################################
## global options:
(…)
######################################################################
## listen, redirect and … to:
## Edit by Max 15.09.2012
ListenHTTPS
    Address 5.9.55.113
    Port 443
    (…)
    Cert "/path_to_cert/shop.pi3g.com.pem"
    #
    ## allow PUT and DELETE also (by default only GET, POST and HEAD)?:
    xHTTP 0
    AddHeader "X-Forwarded-HTTPS: on"
    AddHeader "X-Forwarded-Proto: https"
    (…)
    Service
        BackEnd
            ## = Varnish :-)
            Address 127.0.0.1
            Port 80
        End
    End
End
In my case I actually use an additional Varnish instance between Pound and Magento's Apache. Varnish will simply pass on those two headers. Its use is as a load balancer and caching accelerator. You can also use it to ban unwanted user agents, and do some other pretty nifty things. But that's outside the scope of this article.
Restart pound to reload the configuration:
service pound restart
Step 2: Check that the secure URL is REALLY secure
In the Magento backend, you should ensure that the Base URL for Secure connections has "https" in front of it (see screenshot). For me it was set to http as per default, and this was causing redirect loops with Step 3. So check it, by logging into your backend, and fix it, if necessary.
Step 3: Convince Magento it is behind an SSL proxy
This is an easy one. Edit your (Magento's store) .htaccess to add:
############################################
## Pound proxy HTTPS fix for Magento 1.6.2.0
SetEnvIf X-Forwarded-Proto https HTTPS=on
No restart necessary.
If you get redirect loops here, disable the statement (add a # in front of SetEnvIf to comment it out), and re-check Step 2 above. This has been the solution for me!
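Step 3 makes Apache treat any request carrying X-Forwarded-Proto: https as secure, so every Pound listener from Step 1 that reaches the backend should also remove a client-supplied copy of that header (Pound's HeadRemove directive) before adding its own. The audit script below is an added example, not part of the original post; the sample configuration, the plain-HTTP listener and the function names are assumptions made for illustration.

```python
import re

# Constructed sample; the plain-HTTP listener is hypothetical (not in the article).
SAMPLE_CFG = """
ListenHTTP
    Port 80
End
ListenHTTPS
    Port 443
    HeadRemove "X-Forwarded-Proto"
    AddHeader "X-Forwarded-Proto: https"
End
Service
    BackEnd
        Address 127.0.0.1
        Port 80
    End
End
"""

BLOCK_OPEN = re.compile(r"^(ListenHTTPS?|Service|BackEnd|Emergency|Session)\b", re.I)

def audit_listeners(cfg_text, header="X-Forwarded-Proto"):
    """Per listener: its port, whether it strips the client's header, whether it sets it."""
    listeners, current, depth = [], None, 0
    for raw in cfg_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        opened = BLOCK_OPEN.match(line)
        if opened:
            depth += 1
            if depth == 1 and opened.group(1).lower().startswith("listen"):
                current = {"type": opened.group(1), "port": None, "strips": False, "sets": False}
                listeners.append(current)
        elif line.lower() == "end":
            depth -= 1
            current = current if depth else None     # left the top-level block
        elif current is not None and depth == 1:     # listener-level directives only
            key, _, arg = line.partition(" ")
            key, arg = key.lower(), arg.strip().strip('"')
            if key == "port":
                current["port"] = int(arg)
            elif key == "headremove":                # argument is a regex in Pound
                current["strips"] |= bool(re.search(arg, header + ": x", re.I))
            elif key == "addheader":
                current["sets"] |= arg.lower().startswith(header.lower() + ":")
    return listeners

def spoofable(listeners):  # listeners that forward a client-supplied copy of the header
    return [(l["type"], l["port"]) for l in listeners if not l["strips"]]
```

Calling `spoofable(audit_listeners(open("/etc/pound/pound.cfg").read()))` (path is an assumption) lists the listeners to fix; a plain-HTTP listener in that list matters most, because a client on it could make Magento believe the connection is already HTTPS.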
Thanks to these guys:
Bonus: What is pi3g?
Thanks for asking! pi3g is my new project, it is a microcomputer based on the Raspberry Pi.
I am selling these microcomputers as a bundle with all cables, SDHC cards, adapters, etc. necessary to get off to a good start in this new computing wonderland. The bundle is completed by easy-to-use software and a web frontend (currently under development).