Lately I was working on exposing content with LTI (lti_tool_provider). Main idea is that some content (usually related to learning courses) to be exposed to other systems by embedding it with iframe. There is a OAuth authentication system in place so content can't be reused without authorization.

Everything worked fine till the moment of releasing to actual hosting (Acquia in this case). It took me few hours to debug the problem (OAuth signature was failing). The problem was with the way ssl got terminated. In OAuth signature generation $_SERVER['SERVER_PORT'] is being used (). On Acquia environment ssl got terminated before hitting web server. So actually the port is 80 instead of 443 even with url starts on 'https://'. So on client side request is signed with port 443 and on server it is 80. Actual patch is pretty trivial (https://www.drupal.org/node/2755123), but problem is extremely tricky to debug.

Big thanks to creators of LTI module for Drupal. It saved a lot of time!