[SOLVED] PrestaShop 9 SSL behind Traefik (or any reverse proxy) - redirect loops & mixed content fix

[MigrationPro]

Hi everyone,

I recently set up PrestaShop 9 behind Traefik as a reverse proxy handling SSL termination and ran into the classic redirect loop / mixed content issue. Sharing my solution here since I saw many older threads about this but none covering PS9 specifically.

The Problem

When a reverse proxy (Traefik, Nginx, Caddy, Apache, etc.) terminates SSL, PrestaShop's backend only sees plain HTTP. It never detects that the client connection is actually HTTPS, which causes:

• Infinite redirect loops
• Mixed content warnings
• SSL showing as "disabled" in the Back Office

Root Cause

PrestaShop checks $_SERVER['HTTPS'] to determine if SSL is active. Behind a proxy, that variable is never set because the proxy-to-backend connection is unencrypted.

The Fix (4 steps)

Step 1: Make sure your proxy forwards the right headers

Your reverse proxy must send X-Forwarded-Proto, X-Forwarded-For, and Host headers. Traefik does this automatically. For Nginx you'd add:

proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;

Step 2: Tell PrestaShop to trust the proxy header

Add this near the top of config/defines.inc.php:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

This is the key fix. It reads the forwarded header and sets the variable PrestaShop expects.

Step 3: Enable SSL in PrestaShop

Option A - Console (recommended for PS9):

php bin/console prestashop:config set PS_SSL_ENABLED --value 1
php bin/console prestashop:config set PS_SSL_ENABLED_EVERYWHERE --value 1

Option B - Back Office:
Shop Parameters > General > Enable SSL = Yes, Enable SSL on all pages = Yes

Option C - SQL (if you're locked out due to redirect loops):

UPDATE ps_configuration SET value = '1' WHERE name = 'PS_SSL_ENABLED';
UPDATE ps_configuration SET value = '1' WHERE name = 'PS_SSL_ENABLED_EVERYWHERE';

(Replace ps_ with your table prefix if different.)

Step 4: Verify your Shop URL settings

In Shop Parameters > Traffic & SEO > Shop URL, make sure both "Shop domain" and "SSL domain" are set to your public domain (just the domain, no https:// prefix).

Things to watch out for

• defines.inc.php is more upgrade-safe than settings.inc.php, but check it after PrestaShop updates.
• Payment modules (PayPal, Stripe, etc.) check PS_SSL_ENABLED independently in the database, so Step 3 matters even if Step 2 already makes HTTPS work visually.
• Do NOT edit classes/Link.php — it gets overwritten on updates.
• Traefik forwards X-Forwarded-Proto by default; Nginx, Apache, and Caddy all need it configured explicitly.

Hope this saves someone a few hours. Let me know if you have questions or a different setup where this didn't work.