Andrzej Jędrzejewski

wordpress(nginx) https vs. http (HAproxy)

I have a problem with my WordPress site when connecting through https. When I use http everything works properly and the site looks like this: port 80 connection

When I add https (port 443) it looks like: port 443 connection

Here is my infrastructure:

Servers : Centos7 HAproxy: 1.5.4 Wordpress: 4.3.1 (no plugins) nginx: 1.6.3

My HAproxy conf file:

# NOTE(review): the "global" section keyword appears to be missing from this
# paste; the directives down to "user haproxy" are process-wide settings.
chroot  /var/lib/haproxy
daemon
group  haproxy
log  127.0.0.1 local2
maxconn  4000
pidfile  /var/run/haproxy.pid
stats  socket /var/lib/haproxy/stats
tune.ssl.default-dh-param  2048
user  haproxy
defaults
  log  global
  maxconn  8000
  mode  http
  option  redispatch
  # Appends the client address as X-Forwarded-For on requests sent to the backends.
  option  forwardfor
  option  http-server-close
  option  httplog
  retries  3
  # NOTE(review): enables the statistics page with HAProxy's built-in defaults;
  # no "stats auth" or "stats uri" is set in this file - confirm the page is not
  # reachable through the public binds below.
  stats  enable
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 1m
  timeout  server 1m
  timeout  check 10s
# Plain-HTTP entry point: tags requests with X-Forwarded-Proto: http.
frontend www
  bind *:80
  default_backend www-backend
  option http-server-close
  # reqadd appends a header; a X-Forwarded-Proto value already sent by the
  # client is not removed first.
  reqadd X-Forwarded-Proto:\ http
# TLS entry point: HAProxy terminates TLS here and talks plain HTTP to the backends.
frontend www-https
  bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem
  default_backend www-backend
  option http-server-close
  reqadd X-Forwarded-Proto:\ https
backend www-backend
  balance roundrobin
  # Requests that did not arrive over TLS (the port 80 frontend) are redirected to https.
  redirect scheme https if !{ ssl_fc }
  # The backends are always contacted on port 80, so they only learn about the
  # original scheme through X-Forwarded-Proto. Nothing in the nginx/WordPress
  # configuration shown on this page reads that header.
  server wp1 192.168.56.33:80 check
  server wp2 192.168.56.34:80 check

My nginx.conf file:

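# Main nginx configuration for the WordPress backends that sit behind HAProxy.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

# NOTE(review): the directives below belong inside an "http { ... }" block; the
# wrapper appears to have been lost when the file was pasted.

    # One JSON object per request.
    # - The original was missing the closing quote after $remote_addr, which made
    #   every log line invalid JSON; it is restored here.
    # - Behind HAProxy, $remote_addr is the address of the connecting peer (the
    #   load balancer). The client address arrives in X-Forwarded-For ("option
    #   forwardfor" on the proxy); the realip module (set_real_ip_from /
    #   real_ip_header) can restore it, restricted to the proxy's address.
    # - $request, $http_referer and $http_user_agent are client-controlled. This
    #   nginx version (1.6.3) predates "escape=json", so special characters are
    #   written as \xXX sequences, which strict JSON parsers reject - log
    #   consumers should tolerate or pre-process such lines.
    log_format format_json '{"time": "$time_iso8601", '
                        '"remote_addr": "$remote_addr", '
                        '"remote_user": "$remote_user", '
                        '"body_bytes_sent": $body_bytes_sent, '
                        '"request_time": $request_time, '
                        '"status": $status, '
                        '"request": "$request", '
                        '"request_method": "$request_method", '
                        '"http_referrer": "$http_referer", '
                        '"http_user_agent": "$http_user_agent"}';

    access_log  /var/log/nginx/access.log format_json;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Per-site server blocks (the WordPress vhost) are loaded from here.
    include /etc/nginx/conf.d/*.conf;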

My wordpres.conf for nginx:

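# PHP-FPM pool reached over local TCP.
upstream php {
        server 127.0.0.1:9000;
}

# WordPress virtual host. It only listens on plain HTTP: TLS is terminated on
# HAProxy, so this server never sees an https connection itself.
server {
        listen 80 default_server;

        root /var/www/html/wordpress;

        index index.php;

        server_name wordpress;

        location / {
                # Static files are served directly without touching PHP.
                # The "?$args" part keeps query strings intact so non-default
                # permalinks don't break.
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                # Only hand the request to PHP-FPM when the URI maps to an
                # existing file under root; without this check any URI that
                # merely ends in ".php" is forwarded for PHP to resolve.
                try_files $uri =404;
                include fastcgi.conf;
                fastcgi_intercept_errors on;
                fastcgi_pass php;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                # Long-lived caching for static assets; missing assets are not logged.
                expires max;
                log_not_found off;
        }
}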

I would be grateful for any help.


Answers (1)

Andrzej Jędrzejewski

The solution:

Add these lines to the wp-config.php

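// Public address of the site as visitors reach it through the proxy.
// NOTE(review): the scheme is http here although the proxy in this setup serves
// the site over https - confirm which scheme these two URLs should carry.
define('WP_HOME','http://PROXY_ADDRESS');
define('WP_SITEURL','http://PROXY_ADDRESS');

// TLS is terminated on HAProxy, so PHP only sees plain HTTP from the proxy.
// The proxy reports the original scheme in X-Forwarded-Proto; mirror it into
// $_SERVER['HTTPS'] so WordPress treats the request as secure.
// isset() avoids an undefined-index notice on requests that carry no such header
// (CLI runs, or requests that do not pass through the proxy's header rules).
// This header is client-controllable: it is only trustworthy when the web
// servers accept traffic solely from the proxy and the proxy overwrites any
// value sent by the client.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        $_SERVER['HTTPS'] = 'on';
}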

Important! Add it before those lines:

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
// wp-settings.php is loaded from this point, so constants and $_SERVER
// overrides meant to influence start-up have to be placed above this block.
require_once(ABSPATH . 'wp-settings.php');

HAproxy.conf:

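# This file managed by Puppet
# HAProxy terminates TLS on port 443 and forwards plain HTTP to the two
# WordPress backends, telling them the original scheme and port in headers.
global
  chroot  /var/lib/haproxy
  daemon
  group  haproxy
  log  10.0.2.15 local0
  maxconn  4000
  pidfile  /var/run/haproxy.pid
  stats  socket /var/lib/haproxy/stats
  tune.ssl.default-dh-param  2048
  user  haproxy

defaults
  log  global
  maxconn  8000
  mode  http
  option  redispatch
  option  forwardfor
  option  http-server-close
  option  httplog
  retries  3
  # NOTE(review): enables the statistics page with HAProxy's built-in defaults;
  # no "stats auth" or "stats uri" is set in this file - confirm the page is not
  # reachable through the public 443 bind, or serve it from a dedicated,
  # authenticated listener instead.
  stats  enable
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 1m
  timeout  server 1m
  timeout  check 10s

frontend www-https
  bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem
  mode http
  default_backend www-backend
  # set-header replaces any X-Forwarded-Proto value sent by the client, so the
  # backends only ever see the value written here. The original used "reqadd"
  # here plus "http-request add-header" in the backend, which appended the
  # header twice and left a client-supplied value in place.
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  option forwardfor

backend www-backend
  balance roundrobin
  mode http
  option forwardfor
  # Health checks are sent by HAProxy itself and do not pass through the
  # http-request rules, so they carry no X-Forwarded-* headers.
  option httpchk HEAD / HTTP/1.1\r\nHost:localhost
  server  wp1 192.168.56.67:33 check
  server  wp2 192.168.56.67:34 check
  http-request set-header X-Forwarded-Port %[dst_port]
  # X-Forwarded-Proto is set once in the www-https frontend. If another frontend
  # is ever pointed at this backend, it must set the header as well; otherwise a
  # value supplied by the client would reach WordPress unchanged.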
