I'm running an web application that I developed using CakePHP(1.3) on cloudControl.
Using their piggyback SSL, I can access the app fine via https:// but all redirects go to http://.
If I manually change the url, I can access everything via https:// but this only persists until the next time a redirect is issued, and then I'm back on http://.
This doesn't happen in my local environment, so I'm wondering if it's something to do with cloudControl, or the piggyback SSL.
How can I prevent being unexpectedly redirected from https:// to http://?
The load balancer of cloudController probably listens to https requests and forwards them to your application server over http - possibly setting a X-Forwaded-Proto header. This is a typical setup so that only the external request bears the overhead of ssl encryption.
Because it's actually on a http connection that the server receives, any absolute urls generated by the router, such as when a redirect is issued, will use http:// by default, and not https://, as that is the protocol by which the application server is being accessed.
To override this, define the url to use as the absolute root of the app so that it is used for all absolute urls.
i.e. put the following in the application bootstrap:
define('FULL_BASE_URL', 'https://example.com');