I'll do my best to explain the issue (Note: I see the same behavior from CiviCRM - it does not recognize the SSL either)

When I use the setup page (/admin/settings/securepages) to establish the base URL's for HTTP & HTTPS, the setting to "Enable Secure Pages" is locked to "Disabled", even when I hit the page from an HTTPS base URL.

My host does not put the SSL Cert in CPanel, but because they are a clustered hosting solution they have the SSL on the edge load balancers. Here is a excerpt from a support email to me from my hosting provider:

In cPanel, you will not see anything regarding SSL as that is not where its installed, we have a cluster of servers so your certificate is actually on our edge load balancers.
Our edge system inserts a cookie called HTTP_SECURE, your application
We have added the below code to your .htaccess, which we hope will resolve your issue, please let us know if this is suitable.

RewriteCond %{HTTP_SECURE} ^YES$
RewriteRule ^(.*)$ $1 [E=HTTPS:ON,E=SERVER_PORT:443]

I confess that I do not know enough of how Drupal and these modules might look to check for HTTPS, except to say that it's probably in the PHP.INI somewhere.

I am attempting to migrate my business to a "clustered" solution, one that eases the memory limits and speed constraints of the traditional hosting solutions, therefore, I hope that there is a solution for this challenge. Thanks for reading this, and for any advice.

jgaryt

Comments

jgaryt’s picture

jgaryt commented

A subsequent email from my hosting provider stated the following:

We believe we have resolved the issue by determining that Drupal has a less than ideal way of determining the way it detects SSL. We changed the capitalized ON in the .htaccess to a lower case, so that it should be:

RewriteRule ^(.*)$ $1 [E=HTTPS:on,E=SERVER_PORT:443] instead of RewriteRule ^(.*)$ $1 [E=HTTPS:ON,E=SERVER_PORT:443]

And it did indeed fix the Secure Pages module, but it did not fix the CiviCRM module issue, so it's not a cure-all. Any further input would be valued.

Jgaryt

mrfelton’s picture

mrfelton commented

I too have this probem Although I am running with Nginx and not Apache.

gordon’s picture

gordon commented

Basically the problem is the $_SERVER['HTTPS'] is not being set to 'on'. If PHP don't know that it is secure mode then it will secure pages will not know.

Basically do a phpinfo() from a secure page and see what you get. What indicates that the page is currently in secure mode.

wqmeng’s picture

wqmeng commented

If you are on Nginx, Then add the little code in your Nginx conf file.

fastcgi_param HTTPS on;

Here is all the code in my host conf at the php section.

  location ~ .*\.(php|php5)?$
  {
    #fastcgi_pass  unix:/tmp/php-cgi.sock;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    include fcgi.conf;
    fastcgi_param HTTPS on;
  }

Reload your nginx server, then you may get the enable box active.

mrfelton’s picture

mrfelton commented

was just about to say the same... thats what I do and it works for me.

gordon’s picture

gordon commented
Version: 6.x-1.7-beta2 » 6.x-1.x-dev
Status: Active » Fixed

I have added it to a new FAQ.txt file with reference to this.

Gordon.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.