Tiki Wiki: Hosting behind a reverse proxy/load balancer and forcing HTTPS

Tiki Wiki has support for hosting behing a reverse proxy/load balancer which handles HTTPS. However, I had a heck of a time getting this running. I wasn’t able to find the documentation on their website explaining the setup required, but it is documented in lib/setup/absolute_urls.php.

Adding a row to your tiki_preferences table will do the trick.

INSERT INTO tiki_preferences (name, value)
VALUES (‘feature_port_rewriting’, ‘y’)

I also set the ‘https_login’ to ‘required’ and left the ‘https_port’ empty. The absolute_urls.php script will set the https_port var to 443 when this field is empty.A quick, simple fix to force HTTPS logins on your Tiki Wiki install, when you’re running behind a reverse proxy or load balancer which handles HTTPS for you.

WordPress: Insecure content behind reverse proxy/load balancer

When running WordPress behind a load balancer or reverse proxy, you may find that you’re getting lots of insecure content warnings in your browser. This may cause the page to load improperly, as all the content is not being delievered.

Most reverse proxies and load balances will add an additional header to the request, allowing the server to identify the clients’ real IP address. One common name for this header is ‘X-FORWARDED-FOR’. The reverse proxy/load balancer may also add the ‘X-FORWARDED-PROTO’ header. I’ll assume this is the senario moving forward. If you’re not sure what your headers are named, or if they’re present at all, contact your reverse proxy/load balance provider or administrator.

There are several solutions to fix this. A simple plugin can apply the fix – SSL Insecure Content Fixer.

However, if you want to apply the fix yourself, it’s quite simple. After installation, add the following lines to your wp-config.php file:

/** Custom SSL Handlers **/
if (isset($_SERVER[‘HTTP_X_FORWARDED_PROTO’]) && $_SERVER[‘HTTP_X_FORWARDED_PROTO’] == ‘https’)
$_SERVER[‘HTTPS’] = ‘on’;

if (isset($_SERVER[‘HTTP_X_FORWARDED_FOR’])){
$_SERVER[‘REMOTE_ADDR’] = $_SERVER[‘HTTP_X_FORWARDED_FOR’];
}

Save, and that’s it!

Adding X-Forwarded-For header logging on Apache for ISPConfig3

If you’re running your Apache with ISPConfig3 behind a reverse proxy or load balancer, you’ll probably want to log the X-Forwarded-For header, set by your reverse proxy/load balancer. If your setup sets a custom header, no worries, the method is the same.

The LogFormatĀ format for ISPConfig3 with Apache is stored in /etc/apache2/sites-available/ispconfig.conf, the line looks like this:

LogFormat “%v %h %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” combined_ispconfig

To add logging for the X-Forwarded-For header, simply add

%{X-Forwarded-For}i

anywhere you’d like the users actual IP to be logged. Here’s what mine looks like:

LogFormat “%v %h %{X-Forwarded-For}i %l %u %t \”%r\” %>s %O \”%{Referer}i\” \”%{User-Agent}i\”” combined_ispconfig