I have a secure (https) application set up in the Webfaction portal running on 443 (of course) in PHP. My forum software was insisting the port was 80 and causing me no end of headaches. Took an hour to track it down, but it turns out PHP's environment is reporting port 80:
This is rather unexpected. I've patched over the problem by manually forcing the port to 443, but I'm curious as to why the environment is claiming to be port 80. Is this some simple configuration I've completely missed? asked 04 Dec '13, 04:59 AutoDMC |
That's correct. PHP always runs on port 80, regardless of whether your site uses HTTP or HTTPS. To understand why, you need to understand a bit about WebFaction's infrastructure: 1) All requests (HTTP and HTTPS) arrive at the web server's "frontend" Nginx "reverse proxy" daemon. This frontend server/daemon is responsible for forwarding requests based on domain name ("virtual hosting"), and it also performs all the dirty work of HTTPS encryption and decryption. By the time the connection is forwarded to your app, SSL has already been stripped off, so all internal connections are always HTTP. 2) PHP is served by an internal Apache server/daemon, which runs on port 80. So this is why your PHP always reports port 80. If you want to detect whether a request originally came in on HTTP or HTTPS, you can check these request headers:
...Some other useful headers that get set by the reverse-proxy:
Regards, ~Christopher S, WebFaction Support answered 04 Dec '13, 14:25 likebike I figured it was something like that but I wanted to hear it "from the horse's mouth" before I started hacking away at the code. I'll be putting in a bug with my app developers to be more sensitive to environments with forwarding, specifically checking X-Forwarded-SSL and HTTPS, both which worked fine (dunno why they were trying to be clever with ports). Thanks again.
(09 Dec '13, 04:08)
AutoDMC
|