WordPress + CloudFront Flexible SSL ends up in redirect loop (https)
Having problems accessing the admin over https when it's setup behind CloudFront Flexible SSL.
The admin works fine when accessing over http, but as soon as I change to secure https it ends up in a redirect loop.
I'm adding the following line to wp-config.php to force SSL in the admin.
define('FORCE_SSL_ADMIN', true);
Answer
This is due to the fact that CloudFlare's Flexible SSL operates as a reverse proxy and connects to the WordPress installation via http. Wordpress thinks you're connecting via http and does a redirect to the https resource. The browser requests the https resource from CloudFlare and CloudFlare again requests the resource over http from the WordPress server, resulting in another redirect.
Fortunately there's a solution. CloudFlare sends an http header X-FORWARDED-PROTO that is the protocol used in the connection from the browser to the CloudFlare server. We can use this to tell WordPress that even though the request is happening over http, the link to the browser is over https.
In the wp-config.php file add the following line:
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';
It's also crucial that the above line comes before the following line:
require_once(ABSPATH . 'wp-settings.php');
After making that modification the redirect loop will stop and you'll be able to use the admin again.
This ultimately applies to all reverse proxy servers, not just CloudFlare.