XF 1.3 Problems implementing SSL


XenForo developer
Staff member
If the base href is detecting as http, that would indicate that either the server running PHP wasn't hit with HTTPS (such as if you're using a load balancer/reverse proxy setup) or that there was no environment variable set to indicate this.

XF expects $_SERVER['HTTPS'] = 'on' to be set (standard in Apache, commonly added in Nginx). You could explicitly set it in config.php if needed.

Stuart Wright

Well-known member
Thank you. Chris D says it's a bug in NGINX not sending the https variable through to php in earlier versions. We're running 1.4.1 and he says upgrading will fix it.

Chris D

XenForo developer
Staff member
I may have been hasty in calling it a bug. It's more like what Mike has said where it just doesn't pass that, which isn't necessarily incorrect.

There's a way to pass the variable if PHP is used as fastcgi, but that may not be applicable to you.

You could explicitly set it in config.php if needed.
We've done this for now.

There's a small issue this introduces with Gravatar though, Mike.

return (XenForo_Application::$secure ? 'https://secure' : 'http://www')
    . ".gravatar.com/avatar/{$md5}?s={$size}{$default}";
$secure is set when Zend Framework is initialised I think, before the config.php file is looked at so it gets the original NULL value.

I've overridden that Gravatar code to force https://secure. for now.
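
For the load balancer/reverse proxy case raised in the first reply, an added example (not XenForo code and not from any poster in this thread) of a check that could guard the `$_SERVER['HTTPS'] = 'on'` override in config.php, so the forwarded scheme is believed only when the request comes from your own proxy. The `requestIsHttps` helper, the proxy address list and the `X-Forwarded-Proto` header are assumptions; the sample requests are constructed.

```php
<?php
// Added example, not XenForo code. The proxy addresses and the
// X-Forwarded-Proto header are assumptions; use what your proxy sends.

/**
 * Decide whether the client's original connection was HTTPS.
 *
 * @param array $server         Request variables ($_SERVER in production)
 * @param array $trustedProxies IPs of proxies allowed to vouch for the scheme
 * @return bool
 */
function requestIsHttps(array $server, array $trustedProxies)
{
    // PHP was hit over TLS directly (Apache sets HTTPS=on).
    if (!empty($server['HTTPS']) && strtolower($server['HTTPS']) !== 'off') {
        return true;
    }

    // Honour the forwarded scheme only when the TCP peer is our own proxy;
    // otherwise any client could claim its plain-HTTP request was encrypted.
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';
    if (!in_array($peer, $trustedProxies, true)) {
        return false;
    }

    $proto = isset($server['HTTP_X_FORWARDED_PROTO'])
        ? strtolower(trim($server['HTTP_X_FORWARDED_PROTO']))
        : '';
    return $proto === 'https';
}

// Constructed values: documentation-range addresses, not real hosts.
$trustedProxies = array('192.0.2.10');
$samples = array(
    'direct TLS'        => array('REMOTE_ADDR' => '203.0.113.7', 'HTTPS' => 'on'),
    'proxy, TLS client' => array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'https'),
    'proxy, plain HTTP' => array('REMOTE_ADDR' => '192.0.2.10', 'HTTP_X_FORWARDED_PROTO' => 'http'),
    'spoofed header'    => array('REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'),
);
foreach ($samples as $label => $server) {
    printf("%-18s => %s\n", $label, requestIsHttps($server, $trustedProxies) ? 'https' : 'http');
}

// In config.php the same check would guard the override:
// if (requestIsHttps($_SERVER, $trustedProxies)) { $_SERVER['HTTPS'] = 'on'; }
```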