CloudFlare SSL and redirection on Apache+Nginx setup

[rallisf1]

I am hosting a grav website at a Plesk shared hosting with Apache 2.2, PHP 7.1 and nginx as reverse proxy. It is a free hosting plan thus i get no SSL options for this. So i setup cloudflare for the domain and all hell broke loose.

Problem 1: Could not redirect to https

Force SSL option in the configuration would not work (both Chrome and Firefox return redirect error).

• I tried entering the https base url in the Absolute url option and enabling it and then the routing broke, i could only browse the homepage. No other pages and no admin. Reverted changes by editing the yaml configuration.
• I then tried an htaccess redirect which resulted in error 500 (no idea why, same redirect method works on any other setup i have come accross)
• Last and successful was a PHP redirect directly injected in index.php, after the namespace declaration of course. (see https://stackoverflow.com/a/42141803/4035886 for the redirection code)

Problem 2: All the rendered links now included a :80 port in the url which made them useless

Read about a similar problem at #1690

Not completely familiar with grav source code but i got around this by editing /system/src/Grav/Common/Uri.php
i replaced
return ($this->scheme === 'http' && $this->port === 80) || ($this->scheme === 'https' && $this->port === 443);
with
return ($this->port === 80 || $this->port === 443);

I have posted my system info here: https://gist.github.com/rallisf1/95234ad819bc8cafa5b00deaa572ae98

I suppose everyone else with the same problem can use the workaround above until an official fix comes out.

Cheers.

[rhukster]

Thanks for this detailed info. The SSL + Reverse Proxy is most definitely the cause. Weirdly we run getgrav.org with nginx reverse proxy to apache under SSL without issue. But I think this is because the SSL is at a higher cloudflare level.

[cord]

Am using cloudlflare ssl as well, but not sure if it is purely related to this setup.
Since updating v1.2.2 to v1.3.10 I have a similar situation where in a custom plugin (redirect to remove an affiliate get parameter from the url)

$uri = new Uri();
$base_url = $uri->base() . $uri->url();

header("Location: $base_url", true, '303');

returns http even the page was called as https.

the config setting force_ssl seems not be be applied in ->base().

my workaround:

if ($this->config->get('system.force_ssl')) {
   $base_url = str_replace('http://', 'https://', $base_url)
}

[Blazeflack]

I used the workaround from @rallisf1 to fix the issue described in #1690. It worked for me as well.

[jeremycherfas]

I had the same problem, arose recently, cannot be sure when. The fix from @rallisf1 Worked for me, I think. Not yet tested extensively.

[jeremycherfas]

This is still an issue after the latest upgrade. I applied the fix again and everything seems to work again.

[jeremycherfas]

I hope this will be fixed in 1.6

[rhukster]

Fixed in 1.6

[jeremycherfas]

Any idea when 1.6 will be out of beta? This bug catches me out every time I update 1.5. Thanks

[rhukster]

Soonish!.. was hoping to have it out in December, but got caught out by holidays...

[jeremycherfas]

Cool. Thanks. I can wait.