
The situation with SSL and Drupal 7 is all a bit of a mess, there is a module - Secure Pages - which allows mixed use, but it seems to be riddled with problems and needs core to be patched! So, what is the alternative? After a frustrating day, I've finally got the method, so here it is before I forget...
In settings php you need to add the following - it is NOT there in the default version:
$_SERVER['HTTPS'] = 'on';
This then works with these re-write rules which are now baked into D7 .htaccess
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
Also in settings.php you will need to set the base url to:
$base_url = 'https://mydomain.com';
or your css will not load.
Thirdly, these redirect settings need to go into the top of the root .htaccess file:
# Redirect to HTTPS
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Once you have all that in place, clear the cache, clear varnish and you should be good to go. More info can be found here:
http://drupal.stackexchange.com/questions/24072/how-to-simply-make-the-w...
https://www.drupal.org/https-information#comment-5922430