HTTPS with a load balancer

ghoti's picture

Howdy.

I'm trying to add support for X-Forwarded-Proto and Front-End-Https to Drupal. Right now, if you try to run an HTTPS-only site on a reverse proxy that talks to your web servers via HTTP, AJAX callbacks fail because Drupal incorrectly generates a callback URL based on the protocol between the proxy and the web server, not between the client and the proxy.

So ... I'm looking for feedback on http://drupal.org/node/313145 which patches includes/bootstrap.inc to let it trust the above headers for your installation (otherwise the installation fails), after which you can set your $base_url in settings.php.

Any testers? Any thoughts or concerns?

I'd love to see this get in to 7.0. :)

Comments

Has this gone anywhere?

stephen.colson's picture

Do you know if this has gone anywhere? The Drupal community seems to really like Varnish, which of course is http-only. Even if you put stunnel or pound in front of varnish to do the ssl translation, have things been fixed so that Drupal knows it is in ssl mode externally even if it is behind a reverse proxy that is only passing data in plain text?

don't think so

beejeebus's picture

not in D6.

its also easy to work around though, by getting pound (or whatever is doing the HTTPS termination) to forward to different ports on the backend server, then setting HTTPS to on/off based on that.