Determing scheme behind Cloudfront or CloudFlare
There's this discussion in the open community: https://open.vanillaforums.com/discussion/33037/wip-notes-on-scaling-vanilla-on-aws-ec2
Determing http vs. https in Vanilla is done in PHP by seeing the current scheme. This is all well and good until SSL terminates before the server running Vanilla.
We also have had multiple issues with XO Group's CloudFlare implementation over the years, the lastest being that forcing SSL caused an infinite redirect loop since they terminate SSL at CloudFlare - Vanilla saw it as HTTP and redirected. They fixed this on their side after debugging with us on the phone for half an hour, but I'm unsure what their solution was since I'm not familiar with CloudFlare.
As these setups become more common, what's our best strategy to support them?
Comments
-
This PR was submitted to address the Cloudfront issue: https://github.com/vanilla/vanilla/pull/5051
I'm not a fan of proprietary headers going into core, but I'm waiting to close it for a better solution. I'd like to see this make the 2.4 cut off in the next week or three.
0 -
There is a "X-Forwarded-Proto" header that we support.
0 -
Our Rackspace loadbalancer terminates SSL and correctly supplies X-Forwarded-Proto: https in the proxied request to us. If CloudFlare aren't doing that, then shame on them.
0 -
Thanks, I found the relevant code and replied.
0
