skybow wrote the very helpful article “Drupal via HTTPS/SSL Proxy Server (shared certificates)”. While following his advice, I found some improvements.
To reduce the amount of editing and to increate the reusability, I substituted
www.example.com
with $_SERVER['SERVER_NAME']
andssl.proxy.org
with $_SERVER['HTTP_X_FORWARDED_HOST']
.
Additionally, I added the line
ini_set('session.cookie_path', '/'.$_SERVER['SERVER_NAME'].'/');
to limit the cookies to the path, which is associated with the host.
That the cookie will bei set for the path /andunix.net/
insted of the root of the reverse proxy.
This improves security, as other hosts, using the same reverse proxy, won't see the cookie and also enables mutliple logins, if using multiple domain names for one installation.
It has also a nice side effect: I separated my normal editor account from the admin account, so that my normal account has not all the rights. If I want to log in with both accounts at the same time, I can do this using different domains.
$request_type = ($_SERVER['HTTP_X_FORWARDED_HOST'] == 'ssl.webpack.de') ? 'SSL' : 'NONSSL'; if ($request_type != "SSL"){ $base_url = 'http://' . $_SERVER['SERVER_NAME']; // NO trailing slash! $cookie_domain = $_SERVER['SERVER_NAME']; } else { $base_url = 'https://' . $_SERVER['HTTP_X_FORWARDED_HOST'] . '/' . $_SERVER['SERVER_NAME']; // NO trailing slash! $cookie_domain = $_SERVER['HTTP_X_FORWARDED_HOST']; ini_set('session.cookie_path', '/'.$_SERVER['SERVER_NAME'].'/'); $_SERVER['HTTPS'] = 'on'; $_SERVER['REQUEST_URI'] = '/' . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI']; $conf = array( 'reverse_proxy' => TRUE, 'reverse_proxy_addresses' => array($_SERVER['REMOTE_ADDR']), ); }