If there is a load balancer or other server handling SSL in front of your webserver, you need a way to tell Magento that it's receiving a secure connection, or else it will put you into a 302 redirect loop.
Put the following above the Mage::run...
line at the bottom of your index.php to prevent this issue without overriding any Magento code:
This example is for Amazon EC2, but if your load balancer uses a different header, just change the `HTTP_X_FORWARDED_PROTO` portion.
/**
* EC2's load balancer sets these for us so we know we're secure,
* preventing Magento from performing a redirect loop.
**/
if( isset($_SERVER['HTTP_X_FORWARDED_PROTO']) ) {
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
Hi this fixed the problem for me but left me unable to sign into my admin interface. I have tried setting the admin interface to use both ssl and non ssl but both fail to login. Did you not experience this problem?
Posted by: Shaun Keating | 09/26/2011 at 09:54 AM
This solved this problem for me with nginx as a reverse proxy. I did have to set a custom header in the config tho. Thanks!
Posted by: beeplogic | 11/08/2011 at 02:52 AM
This is a must read blog. The technical help presented on this blog is just so amazing. I don’t know where else I would have got all the information I had, but from this article. I count myself lucky for having come across this great work. I’m so impressed with this blog.
http://www.hire-web-developers.com/Hire-Magento-Developer.html
Posted by: Account Deleted | 11/15/2011 at 07:43 PM
@Shaun Sorry for the late response!
I didn't experience any problems logging into admin after the change.
Did you find a solution?
Posted by: Naruzo | 12/13/2011 at 03:06 PM
@sathya glad the info came in handy!
Posted by: Naruzo | 12/13/2011 at 03:07 PM
I believe this has a side affect of treating true "http" requests as "secure" in Magento. Unsecure frontend pages would have references to js/css/etc as "https" for example. Magento' could not recognize "http" traffic and redirect to "https" (say the admin login itself) resulting in unsecure login pages that didn't work unless you explicitly went to "https". ANYWAY, I think you just want to make a tweak to check what the load balancer is telling you for protocol ...
Posted by: Bob Morley | 08/03/2012 at 01:43 AM