You can only login via HTTPS

[MultiformeIngegno]

I just tried upgrading my forum from 2.0.15 to 2.1 RC1 (actually the current branch on GitHub). I run the upgrade script but when I try to go to the home page I see this error: "You can only login via HTTPS".
I am always redirected to /?sslRedirect. The problem is that I AM logged in using https. I tried opening a private browsing tab and going directly to https://mysite but I still see the error:



EDIT: Seems to be related to this https://sea-region.github.com/SimpleMachines/SMF2.1/issues/5115

I'm on PHP 7.2, database is MySQL and I had https working with 2.0.15

[Arantor]

Do you have nginx as a proxy in front of Apache?

[MultiformeIngegno]

Do you have nginx as a proxy in front of Apache?

I'm on Gandi's Simple Hosting (they're just using Apache). I am using Cloudflare as proxy (and to serve the SSL certificate).

[Arantor]

Ah so there's likely your problem - it sounds like SNI termination: Cloudflare will handle the certificate, but by the time it gets to SMF, it's not actually using HTTPS between Cloudflare and your server so your server thinks it's running HTTP.

I forget which option you need to turn off but there's one of the new options in 2.1 that has been turned on to force HTTPS login.

[MultiformeIngegno]

Yep, you were right. I generated a certificate and changed Cloudflare to connect to my server using https. That solved it. Maybe it'd be good to have some sort of explanation or have a check before enabling that option during the upgrade process..?

[albertlast]

Could you explain how smf can check this?

[Arantor]

Could you explain how smf can check this?

It can't. It shouldn't even try because it has literally no way of knowing it isn't supposed to use HTTPS mandatorily in this case.