Request returns http instead of https


#1

Hi.
I’ve a website with Nginx web server and i use slim 3.9. The request getUri() always returns http://mywebsite.com even if i call https://mywebsite.com. I get the request from the container $container['request']->getUri(). Where am i wrong ?
Thanks.


#2

Is your server behind any sort of proxy, load balancer? Is it running on port 443? If you var_dump($_SERVER); what do you see for SERVER_PROTOCOL and SERVER_PORT?


#3

Try adding following FASTCGI param (I guess you’re using PHP-FPM) :

fastcgi_param HTTPS on;


#4

No, SERVER_PORT is 80.


#5

I don’t know for sure, but that might be part of it as there might be some assumptions that port 80 is http, not https.


#6

Did you try the fast_cgi param ?


#7

Slim recognizes the HTTP schema (http:// or https://) based on the value in $_SERVER['HTTPS'].

If the value is “off”, then the HTTP schema is http://.

How is your value in $_SERVER['HTTPS'] ?


#8

Yes, it didn’t work.

There isn’t HTTPS in $_SERVER. :confused:


#9

Can you share with us your nginx vhost ?


#10

Not at moment.
I’m using cloudflare. Could it be the cause ?


#11

as tflight said, it can be a proxy problem. For example, if your webserver works like :

[client] =(:443)=> [proxy] =(:80)=> [php]

So it looks like HTTPs because between client and proxy you have :443 TCP connection, but in fact PHP recieves requests on port 80.

So, if you can tell us more about you webservers config (cloudflare, etc), maybe we can find the bug :octopus:


#12

Yes, Cloudflare is the cause. As far as your webserver knows, it is http because of the port number.

Are you trying to generate a URL from Twig? If so, override $uri when creating the TwigExtension.

        $view->addExtension(new Slim\Views\TwigExtension(
            $c->get('router'),
            'https://example.com'
        ));

See this discussion for a very similar topic and solutions.


#13

The solution is quite easy, if a bit counter-intuitive. You simply tell Nginx to set the HTTPS parameter when it hands the request off to the FastCGI wrapper (in this case PHP). In the SSL vhost configuration for your domain, simply add the line fastcgi_param HTTPS on;.

The full code snippet would look something like this:

server {
	listen *:443 ssl;
	server_name example.com;
 
	fastcgi_param HTTPS on;
 
	# finish vhost config...
}

Source1 | Source2


#14

You could also try this small environment fix. Just add this to your container:

$container['environment'] = function () {
    $_SERVER['HTTPS'] = 'on';
    return new Slim\Http\Environment($_SERVER);
};

#15

I solved using this solution. I wonder what could be the cause ?
Thanks for support.


#16

This is one of several differences between Apache and Nginx. By default, Apache provides the
’HTTPS’ variable. With Nginx, this parameter must be set manually in the server configuration. But I’m not a Nginx expert.