Use config site/sslproxy to force HTTPS (i.e. using reverse proxy to enable it)

Usage in config.php: $config['site']['sslproxy'] = true;

Add this to documentation...

diff --git a/index.php b/index.php
index de57f1078dc407e2532ad58d1b81750ccf2a8c23..ecbfb3eb7b1d692e46d47ba2ae50cfc9fa13a4c3 100644 (file)
--- a/index.php
+++ b/index.php
@@ -266,10 +266,8 @@ function main()
 
     $args = $r->map($path);
 
-    $site_ssl = common_config('site', 'ssl');
-
     // If the request is HTTP and it should be HTTPS...
-    if ($site_ssl != 'never' && !GNUsocial::isHTTPS() && common_is_sensitive($args['action'])) {
+    if (GNUsocial::useHTTPS() && !GNUsocial::isHTTPS()) {
         common_redirect(common_local_url($args['action'], $args));
     }
 

diff --git a/lib/default.php b/lib/default.php
index c17c2e0bf46d45dd696bf97defed654d9a2d2f7c..dbd3a694c5674dfe78c10a92e414ce33b9fa3328 100644 (file)
--- a/lib/default.php
+++ b/lib/default.php
@@ -56,6 +56,7 @@ $default =
               'inviteonly' => true,
               'private' => false,
               'ssl' => 'never',
+              'sslproxy' => false,   // set to true to force GNU social to think it is HTTPS (i.e. using reverse proxy to enable it)
               'sslserver' => null,
               'dupelimit' => 60, // default for same person saying the same thing
               'textlimit' => 1000, // in chars; 0 == no limit

diff --git a/lib/gnusocial.php b/lib/gnusocial.php
index ed87782c472e1f3a8dde0b6f5592dda487904fe7..277c41e7c8d08334bdd6672ddfc824dad1cb1288 100644 (file)
--- a/lib/gnusocial.php
+++ b/lib/gnusocial.php
@@ -426,6 +426,10 @@ class GNUsocial
 
     static function isHTTPS()
     {
+        if (common_config('site', 'sslproxy')) {
+            return true;
+        }
+
         // There are some exceptions to this; add them here!
         if (empty($_SERVER['HTTPS'])) {
             return false;