WebFaction

I have a secure (https) application set up in the Webfaction portal running on 443 (of course) in PHP.

My forum software was insisting the port was 80 and causing me no end of headaches. Took an hour to track it down, but it turns out PHP's environment is reporting port 80:

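// Collect the proxy- and port-related entries from $_SERVER and dump them.
$envSnip = array();
$envBits = array('HTTPS', 'HTTP_HTTPS', 'HTTP_X_FORWARDED_PROTO',
          'HTTP_X_FORWARDED_SSL', 'SERVER_ADDR', 'SERVER_PORT');
foreach ($envBits as $bit) {
    // Guard against keys the server did not set.
    $envSnip[$bit] = isset($_SERVER[$bit]) ? $_SERVER[$bit] : null;
}
echo "<pre>";
print_r($envSnip);
die();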

Array
(
    [HTTPS] => on
    [HTTP_HTTPS] => on
    [HTTP_X_FORWARDED_PROTO] => https
    [HTTP_X_FORWARDED_SSL] => on
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 80
)

This is rather unexpected. I've patched over the problem by manually forcing the port to 443, but I'm curious as to why the environment is claiming to be port 80. Is this some simple configuration I've completely missed?

asked 04 Dec '13, 04:59

AutoDMC


That's correct. PHP always runs on port 80, regardless of whether your site uses HTTP or HTTPS. To understand why, you need to understand a bit about WebFaction's infrastructure:

1) All requests (HTTP and HTTPS) arrive at the web server's "frontend" Nginx "reverse proxy" daemon. This frontend server/daemon is responsible for forwarding requests based on domain name ("virtual hosting"), and it also performs all the dirty work of HTTPS encryption and decryption. By the time the connection is forwarded to your app, SSL has already been stripped off, so all internal connections are always HTTP.

2) PHP is served by an internal Apache server/daemon, which runs on port 80. So this is why your PHP always reports port 80.

If you want to detect whether a request originally came in on HTTP or HTTPS, you can check these request headers:

Http-X-Forwarded-Proto
Https
X-Forwarded-Proto
X-Forwarded-SSL

...Some other useful headers that get set by the reverse-proxy:

X-Forwarded-Host
X-Forwarded-Server
X-Forwarded-For
Forwarded-Request-Uri

Regards,

~Christopher S, WebFaction Support


answered 04 Dec '13, 14:25

likebike

edited 04 Dec '13, 14:27

I figured it was something like that but I wanted to hear it "from the horse's mouth" before I started hacking away at the code. I'll be putting in a bug with my app developers to be more sensitive to environments with forwarding, specifically checking X-Forwarded-SSL and HTTPS, both of which worked fine (dunno why they were trying to be clever with ports).

Thanks again.

(09 Dec '13, 04:08) AutoDMC
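
A scheme check along the lines discussed in this thread, as an added example that is not part of the original posts or WebFaction's code: it reads X-Forwarded-Proto and X-Forwarded-SSL only when the connecting peer is the frontend proxy, because a client that reaches the backend directly can send those headers itself. The function name, the `$trustedProxies` allow-list, and the assumption that the frontend connects from 127.0.0.1 are hypothetical.

```php
<?php
// Added example, not WebFaction's or the forum software's code.
// $trustedProxies and the REMOTE_ADDR values below are assumptions.

/**
 * Return the scheme and port the client used, given a $_SERVER-style array
 * from an app behind a TLS-terminating reverse proxy.
 */
function original_scheme_and_port(array $server, array $trustedProxies): array
{
    // Only the frontend proxy may speak for the client.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trustedProxies, true)) {
        // Any other peer reached the plain-HTTP backend directly, so its
        // X-Forwarded-* headers are client-supplied and are ignored.
        return ['scheme' => 'http', 'port' => (int) ($server['SERVER_PORT'] ?? 80)];
    }

    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    $ssl   = strtolower(trim($server['HTTP_X_FORWARDED_SSL'] ?? ''));

    if ($proto === 'https' || $ssl === 'on') {
        // SERVER_PORT is the backend's port (80 in the dump above), not the
        // public one, so the port is derived from the scheme instead.
        return ['scheme' => 'https', 'port' => 443];
    }
    return ['scheme' => 'http', 'port' => 80];
}

// Constructed samples: the first mirrors the dump in the question with an
// assumed loopback REMOTE_ADDR; the second is a direct peer sending its own
// X-Forwarded-Proto; the third is a plain-HTTP request via the frontend.
$samples = [
    'via frontend (TLS)' => ['REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '80',
                             'HTTP_X_FORWARDED_PROTO' => 'https',
                             'HTTP_X_FORWARDED_SSL' => 'on'],
    'direct peer'        => ['REMOTE_ADDR' => '203.0.113.7', 'SERVER_PORT' => '80',
                             'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via frontend (HTTP)' => ['REMOTE_ADDR' => '127.0.0.1', 'SERVER_PORT' => '80',
                              'HTTP_X_FORWARDED_PROTO' => 'http'],
];

foreach ($samples as $label => $server) {
    $r = original_scheme_and_port($server, ['127.0.0.1']);
    printf("%-20s %s:%d\n", $label, $r['scheme'], $r['port']);
}
```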
question asked: 04 Dec '13, 04:59

question was seen: 3,723 times

last updated: 09 Dec '13, 04:08
