How to fix links without https in Platform.sh

This content was written more than a year ago. Please note that some (or many) of its recommendations, code samples, resources or solutions may be outdated.

A few days ago I got a warning in the Facebook Debugger that the canonical routes of Canamo.net were pointing to the http version, without that of Securitè.

Browsing the Metatag issues, I discovered that this happens when there is some kind of reverse proxy, including CDNs. And sure enough, I suddenly fell that Platform.sh serves used to serve content from a CDN (I just found out that now it only happens on the more expensive plans, maledetti).

The solution to the problem is to add these lines in the settings.php file

$settings['reverse_proxy'] = TRUE;
$settings['reverse_proxy_addresses'] = array($_SERVER['REMOTE_ADDR']);

Even without CDN, it seems that the platform.sh infrastructure makes use of some reverse proxy or similar. I have not been able to find more information about the exact infrastructure, but in a ticket they have confirmed to me that this is correct.

It is also noteworthy that this information is not present in Drupal's documentation in platform.sh nor in their settings.php templates.

Since the IP range is variable, you have to use the array($_SERVER['REMOTE_ADDR']) value. Drupal warns that this value makes you susceptible to IP spoofing but from platform.sh they tell me that it is a private range and is not susceptible to this kind of problems.

Extra ball: an article with more info about why reverse_proxy entries in Drupal8/9 and the death of Drupal 7's mythical $base_url.