Recently I had the pleasure to setup Contao (https://contao.org/) in the Amazon cloud (AWS – Elastic Beanstalk). Therefore I had to enable HTTPS behind loadbalancers. The problem was, that the AWS-Loadbalancer is the SSL Endpoint / SSL Terminator in an AWS Beanstalk – architecture.

Contao didn’t recognize, that it was running under HTTPS and therefore set the wrong base-tag href protocol although the following HTTP-headers where sent by the loadbalancer when delegating the request to the finely responding Apache Webserver:

HTTP_X_FORWARDED_FOR  88.88.88.88
HTTP_X_FORWARDED_PORT   443
HTTP_X_FORWARDED_PROTO  https

Despite I’d called the page via HTTPS and had installed a valid SSL-certificate, I got SSL warnings, when calling the application in a browser.

I found the solution on Stack Overflow (answer from fritzmg) and added the mentioned lines to my CONTAOROOT/system/config/initconfig.php:

<?php

// Put your custom configuration here
// @see http://stackoverflow.com/questions/36773112/contao-how-can-i-change-the-protocol-of-the-base-url
# enable SSL through
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'])
{
    $_SERVER['HTTPS'] = 1;
}

That finely solved my problem and the base tag was generated correctly.