PHP not understanding https when behind a proxy

[Eliepse]

Hello,
I have a frankenphp docker running a wordpress site. The docker is behind an Nginx proxy.
The https/ssl are handled by the Nginx proxy, and I use the 80 port to access the website. Still, the wordpress site doesn't seem to understand that it's running under secure requests. This leads to bad scheme on generated url or loop redirections when accessing the admin panel.

What I don't understand is that the X-Forwarded-Proto headers are set, but PHP still don't understand it's secure. I tried multiple things like proxying to the 443 port, or disabling the 443 entirely but I still had no luck.

For the Caddyfile, I'm following the one from the frankenphp-wordpress template
Here is my nginx proxy config actually :

location / {
    proxy_pass                         http://localhost:7003;
    proxy_set_header                   Host $host;
    proxy_http_version                 1.1;
    proxy_cache_bypass                 $http_upgrade;
    
    # Proxy SSL
    proxy_ssl_server_name              on;
    
    # Proxy headers
    proxy_set_header Upgrade           $http_upgrade;
    proxy_set_header Connection        $connection_upgrade;
    proxy_set_header X-Real-IP         $remote_addr;
    proxy_set_header Forwarded         $proxy_add_forwarded;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host  $host;
    proxy_set_header X-Forwarded-Port  $server_port;
    
    # Proxy timeouts
    proxy_connect_timeout              60s;
    proxy_send_timeout                 60s;
    proxy_read_timeout                 60s;
}

I'm probably doing something wrong, but I can't even figure out if it's on the nginx side, caddy side or php config side.

[dunglas]

Did you add your proxy to the trusted list? https://caddyserver.com/docs/caddyfile/options#trusted-proxies

[Eliepse]

Thank you for the help! I did trusted the proxy. I finally found a fix ! Wordpress doesn't recognize "Forwarded" header natively, it only checks the $_SERVER["SERVER_PORT"] which is "80" in my case. The documentation indicate a solution, but it was hard to find!

https://developer.wordpress.org/reference/functions/is_ssl/

[withinboredom]

Also, did you tell WordPress that it is running securely?

Make sure WP_HOME is set to an HTTPS URL in your wp-config.php. This is the only variable used to generate links in WordPress, so if it is set to http (or absent), that's what it will generate.

[Eliepse]

Thank for the help :) I did set this env, but turns out worpress ignore it in some cases. It checks the SERVER_PORT that is set to "80" in my case. By digging up the API documentation, I finally found the source of the problem where the doc indicate a workaround : https://developer.wordpress.org/reference/functions/is_ssl/