Hello There, Guest! Login Register

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Php http Jump https problem
<? Php
// http to https

If ($ _SERVER [ "HTTPS"] <> "on")
$ Xredir = "https: //". $ _ SERVER [ "SERVER_NAME"]. $ _ SERVER [ "REQUEST_URI"];
Header ( "Location:". $ Xredir);

With this code, an infinite loop occurs

My Applications
SSL CDN acceleration >>>>> SSL seven-tier load balancing >>>>> Internal nginx without SSL
Floating in the equalizer configuration 443 is turned to internal 80
And a certificate is also configured on the load balancer
There is also a certificate on cdn

How to do http jump ah
If the cdn open on the full ssl ie cdn access to the source site using http mode then the above code will not work will be infinite loop because php is the internal server to determine the $ _SERVER [ "HTTPS". Judgment is http then jump to https But cdn will always use http visit the source site

If you open a comprehensive ssl
That is, open the ssl cdn, load balancer to open ssl load balancer to the internal server also enable ssl This three-tier encryption speed that I tested a bit as if it would repeat the orientation

I draw the request process
CDN 80 >>>> load balancing 80 >>>>> internal server 80 is completely normal

HTTPS mode
Users >>>>> CDN 443 >>>> load balancing 80 >>>>> internal server 80 how to do http Jump to https
Users >>>>> CDN 443 >>>> load balancing 443 >>>>> internal server 80 how to do http Jump to https
Users >>>>> CDN 443 >>>> load balancing 443 >>>>> internal server 443 how to do http Jump to https
If you do not do the above 3-minute jump, HTTPS mode access is normal
But there will be jump to repeat the direction of how to break the big God to see how ah

And the load balancer does not seem to support SNI
Don't do https redirects on the php code. This always would cause a lot of problems especially when having a front end server.
Use nginx as your load balancer so you can use Server Name Identification. Using php is kinda bad practice for this IMHO.

Can't your CDN do this though? Why not ask their support?

Links for load balancing in nginx:
I would also advise to do the HTTP to HTTPS redirection at the frontend / web server level instead of using PHP / HTML / JS or anything else. As @Conan mentioned doing redirections in PHP (and also in HTML / JS) is absolutely not clean and therefore I wouldn't recommend it either. The problem with redirections done by PHP / HTML / JS usually is that they do cause a lot of problems for web browsers, search engines and sometimes even for the actual site.

Let's say you use nginx as @Conan suggested. You usually have a server {} block for HTTP at port 80 and another server {} block for HTTPS at port 443. In the server block for HTTP at port 80 you would basically only contain the really basic paramters that you require such as the listen parameter, server_name, maybe log files and that is about it. You should not host any content on HTTP at port 80 so other things like document root, PHP implentation and etc are not necessary in the HTTP server block. Now to redirect users accessing your site at HTTP port 80 you would bascially add this line to the HTTP server block:
return 301 https://$server_name$request_uri;

The above code snippet will send all HTTP traffic going to http://yoursite.com/ to https://yoursite.com/. This will also affect all requests such as: http://yoursite.com/blog/article1 will go to https://yoursite.com/blog/article1 instead of only redirecting to https://yoursite.com/.

In the HTTPS server block you can then have the full configuration where PHP and everything else is implemented. It is better nowadays to operate a site fully under TLS encryption. With Let's Encrypt there is no more issue to get free, valid and trusted TLS certificates with automatic renewal (a small cronjob does the renewal).

About your mixed content issue. You can edit the code of your site and point all the links from outside sources to //cdn.site.com/script.ext. This will load the resources automatically with the corresponding protocol when your site is only available over HTTPS. Or you could of course hard code all 3rd party resources to HTTPS directly. Make sure they all are reachable over HTTPS. If they are not you should pull a copy of the script to your server and serve it from there on over HTTPS.

If your CDN does not support TLS encryption you should probably switch or build your own CDN with another server and CloudFlare.

Forum Jump:

Users browsing this thread:
1 Guest(s)