I ran into what is apparently a pretty common issue with users running PHP as some sort of CGI with the Nginx webserver. If you’re trying to detect whether a user is using SSL, you normally check to see if $_SERVER['HTTPS'] == 'on'. Well, apparently this is more of an Apache-only convention than I thought… It won’t work under Nginx: your PHP script will never see an HTTPS server value and will always think the connection is unencrypted (in my case with the SSL Admin plugin for WordPress, resulting in an infinite loop back to the SSL version of the page).

The solution is quite easy, if a bit counter-intuitive. You simply tell Nginx to set the HTTPS parameter when it hands the request off to the FastCGI wrapper (in this case PHP). In the SSL vhost configuration for my domain, I simply added the line fastcgi_param HTTPS on;. For sanity (and so I remember it in the future), I put it immediately after I turned on SSL.

The full code snippet would look something like this:

server {
	listen *:443 ssl;
	server_name chrismeller.com;
 
	fastcgi_param HTTPS on;
 
	# finish vhost config...
}

Since you don’t include it in the non-SSL vhost configuration (and you’re using separate configurations for each like a good little web hoster), the value is only set for SSL connections and the behavior of your code goes right back to normal. Spiffy!
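
A fuller version of the two vhosts described above, as an added example that is not the author's own configuration; the document root, certificate paths and FastCGI listener address are assumptions. It places the directive inside the PHP location block because nginx inherits fastcgi_param from the server level only when the location defines no fastcgi_param of its own.

```nginx
# Plain-HTTP vhost: HTTPS is never passed, so $_SERVER['HTTPS'] stays unset in PHP.
server {
	listen *:80;
	server_name chrismeller.com;
	root /var/www/example;                      # assumed document root

	location ~ \.php$ {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		fastcgi_pass 127.0.0.1:9000;            # assumed PHP FastCGI listener
	}
}

# SSL vhost: the only place HTTPS is set, so PHP sees 'on' for TLS requests only.
server {
	listen *:443 ssl;
	server_name chrismeller.com;
	root /var/www/example;                      # assumed document root

	ssl_certificate     /etc/nginx/ssl/example.crt;   # placeholder path
	ssl_certificate_key /etc/nginx/ssl/example.key;   # placeholder path

	location ~ \.php$ {
		include fastcgi_params;
		fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

		# This block already defines fastcgi_param directives (via the include
		# and the line above), so a server-level "fastcgi_param HTTPS on;"
		# would not be inherited here. Set it alongside the others.
		fastcgi_param HTTPS on;

		fastcgi_pass 127.0.0.1:9000;            # assumed PHP FastCGI listener
	}
}
```

After reloading, `nginx -T` prints the effective configuration, which makes it easy to confirm that the HTTPS parameter appears only in the SSL vhost.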
