Tags for this FAQ item:
PHP SSL Wordpress

Help us by rating this article!

Rated 5 stars, based on 4 votes

Using Wordpress with HTTPS on the Kinamo hosting platform

Last updated: 21/08/2017

This article explains on how you may use an SSL certificate on the Kinamo hosting platform. The Kinamo hosting platform uses HAProxy load balancers and SSL offloading. This means that for detecting your secure website, you will have to make some changes to the Wordpress installation so it correctly detects the secured traffic.

To avoid Wordpress giving errors on each element not correctly sent through HTTPS you will have to tell it that you are using SSL, by simply adding the following rules to the wp-config.php:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';

An additional step is by capturing the right client IP. If you do not make this change, all visitor IP's for posts and comments will appear to be coming from the same IP, namely the Kinamo load balancer IP.
Add the following rule to the wp-config.php file:

if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$_SERVER['REMOTE_ADDR'] = $_SERVER["HTTP_X_FORWARDED_FOR"];
}

This rule ensures the forward address will be used, and not the proxy (load balancer) address.

As a final precaution you must alter the .htaccess file of your Wordpress site, by adding the following rules. If you fail to do so, chances are the URL of your site will not be correctly determined and you will end up with an infinite redirect loop:

<IfModule mod_rewrite.c>

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

</IfModule>

(Thanks to Joachim from Nice & Robust!)

To conclude you can replace hardcoded HTTP pointers with the correct HTTPS URL. Wordpress typically saves content as images with hardcoded absolute URL's in the database. A simple and effective way is by using a plugin called the Wordpress SSL Insecure Content Fixer plugin. This plugin will replace the URL's with their correct HTTPS variant.
As an alternative you can always dive into the database and do the replacement of the URL's there.