CODEWITHSUNDEEP
wordpress.htaccesssslnginx
ddelizia
ddelizia

Reputation: 1571

Wordpress with ssl and reverse proxy (nginx)

I'm adding a nginx server in front of my wordpress website. Also I added my ssl certificate on nginx in order to secure my website via https.

With the configuration I pasted down here, If I access the frontend with the twentysixteen theme I get the following error in the chrome JS console:

Mixed Content: The page at 'https://my.website.it/' was loaded over HTTPS, but requested an insecure script 'http://my.website.it/wp-content/themes/twentysixteen/js/functions.js?ver=20150825'. This request has been blocked; the content must be served over HTTPS.

while if I access the https://my.website.it/wp-admin I'm being redirected to https://wp-admin/

Here is the configuration of my wordpress:

Here goes the configuration for the Wordpress Server:

wp-config.php

$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
define('FORCE_SSL_ADMIN','true');
define('WP_SITEURL','https://my.website.it');
define('WP_HOME','https://my.website.it');

my .htaccess

RewriteEngine On
RewriteCond %{HTTP_HOST} !^wploadbalance$ [NC]
RewriteRule ^(.*)$ https://my.website.it/$1 [L,R=301]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Here goes the configuration of my nginx server:

server {
       listen 80;
       server_name    my.website.it;
       return         301 https://$server_name$request_uri;
}

server {
       listen 443;
       server_name my.website.it;

       ssl                  on;
       ssl_certificate      /etc/ssl/certificate/certificate.crt;
       ssl_certificate_key  /etc/ssl/private/mprivate.key;

       ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers    EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;

       ssl_prefer_server_ciphers  on;
       ssl_session_timeout        10m;
       ssl_session_cache          shared:SSL:10m;

       location / {
           proxy_pass http://wploadbalance;
           client_max_body_size 20M;

           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

           proxy_set_header X-Forwarded-Proto https;

           proxy_redirect off;

           proxy_buffers 64 4k;
    }
}

upstream wploadbalance{
        least_conn;
        server wordpress;
}

Upvotes: 2

Views: 2382

Answers (2)

mixel
mixel

Reputation: 25846

Instead of adding lines to wp-config.php you can add following line directly to Apache VirtualHost configuration or .htaccess:

SetEnvIf X-Forwarded-Proto https HTTPS=on

and this line to Apache2 config:

LoadModule setenvif_module libexec/apache22/mod_setenvif.so

Upvotes: 1

mixel
mixel

Reputation: 25846

Add these lines to wp-config.php:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) 
    && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

Upvotes: 1

Related Questions