I have a wordpress site in a VM, let’s call it vm-site and it is behind nginx that is sitting in another vm, let’s call it vm-nginx that is handling the ssl. Here is the relevant part of the nginx.conf

server {
    server_name  <my-domain> www.<my-domain>
    root         /usr/share/nginx/html;

    location / {

        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $host;
        proxy_pass http://<vm-site-ip>;
    }
}

and I have added the following lines in the wp-config.php

define( 'WP_DEBUG', false );

define('FORCE_SSL_ADMIN', true);

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}

/* That's all, stop editing! Happy publishing. */
[...]
define('WP_SITEURL', 'https://<my-domain>/');
define('WP_HOME', 'https://<my-domain>/');

This configuration works fine, but I wanted to use the power of aws api-gateway instead of using nginx.

I have created the following endpoints:


As you may see the host and the proto header (along with others) are being forwarded, and I have verified it on the aws logs. In the black box is the vm-site ip.

What I experience, using incognito mode is:

• when I ask for a page, things do work
• when I ask for a URL that I would get a redirect, for example /wp-admin I am getting ERR_TOO_MANY_REDIRECTS with the Request url being https://my-domain/wp-admin/ and the location response header being http://my-domain/wp-admin/ and vice versa.

I looked at the _server variables and I noticed that in api-gateway we have these extra headers (there are other differences as well, but I don’t think that are relevant)
$_SERVER[‘HTTP_X_FORWARDED_PORT’] 443
$_SERVER[‘HTTP_X_FORWARDED_FOR’] my-ip, 70.132.63.91
I added then in nginx-vm
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
but I didn’t see any issue.

Any ideas?