WordPress + CloudFront Flexible SSL ends up in redirect loop (https)

Question

Having problems accessing the admin over https when it's setup behind CloudFront Flexible SSL.

The admin works fine when accessing over http, but as soon as I change to secure https it ends up in a redirect loop.

I'm adding the following line to wp-config.php to force SSL in the admin.

define('FORCE_SSL_ADMIN', true);

Answer 1

in my case, another source of problems was (I know sounds silly) the DefaultRootObject.

I had this error on my CloudFront and WordPress and was the issue of my Too Many Redirects nightmare. I'm posting that because someone falls into the same stupid error like me.

Cheers

Answer 2

In my case we getting this problem because I configure CloudFront origin incorrect.

cloudfront-> origin -> Origin Protocol Policy -> Match Viewer 

after this setting my website working fine

Answer 3

This is due to the fact that CloudFlare's Flexible SSL operates as a reverse proxy and connects to the WordPress installation via http. Wordpress thinks you're connecting via http and does a redirect to the https resource. The browser requests the https resource from CloudFlare and CloudFlare again requests the resource over http from the WordPress server, resulting in another redirect.

Fortunately there's a solution. CloudFlare sends an http header X-FORWARDED-PROTO that is the protocol used in the connection from the browser to the CloudFlare server. We can use this to tell WordPress that even though the request is happening over http, the link to the browser is over https.

In the wp-config.php file add the following line:

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';

It's also crucial that the above line comes before the following line:

require_once(ABSPATH . 'wp-settings.php');

After making that modification the redirect loop will stop and you'll be able to use the admin again.

This ultimately applies to all reverse proxy servers, not just CloudFlare.