CODEWITHSUNDEEP
wordpresssslnginx
Fatimah Wulandari
Fatimah Wulandari

Reputation: 317

Implement SSL (Digital Ocean + Nginx + Cloudflare)

So I have a website hosted on Digital Ocean, using Nginx web server v.1.2.1 and using Wordpress CMS. After while I decide to use Cloudflare service. Cloudflare provide free Flexible SSL, and I want to use it for my website.

This is the nginx config of my website:

server {
       listen 80;
       #listen [::]:80 ipv6only=on default_server;
       server_name pasangbatu.com www.pasangbatu.com;
       root /srv/www/pasangbatu.com/public_html;
       access_log /srv/www/pasangbatu.com/logs/access.log;
       error_log /srv/www/pasangbatu.com/logs/error.log;

       if ($http_host != "www.pasangbatu.com") {
                 rewrite ^ http://www.pasangbatu.com$request_uri permanent;
       }


       index index.php index.html;
       location = /favicon.ico {
                log_not_found off;
                access_log off;
       }
       location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
       }

    # Use gzip compression
    # gzip_static on; # Uncomment if you compiled Nginx using --with-http_gzip_static_module
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 5;
    gzip_buffers 16 8k;
    gzip_http_version 1.0;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg;

        #location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
        #        try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
        #}

    #location ~ ^/wp-content/plugins/wp-minify/min/[^/]+/(.*)$ {
    #   try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
    #   wp-minify/cache
    #}

    # Don't cache uris containing the following segments
    if ($request_uri ~* "(\/wp-admin\/|\/xmlrpc.php|\/wp-(app|cron|login|register|mail)\.php|wp-.*\.php|index\.php|wp\-comments\-popup\.php|wp\-links\-opml\.php|wp\-locations\.php)") {
        set $cache_uri "no cache";
    }

    # Don't use the cache for logged in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp\-postpass|wordpress_logged_in") {
        set $cache_uri 'no cache';
    }



    # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }
       location / {
                try_files $uri $uri/ /index.php?$args;
       }

       # Add trailing slash to */wp-admin requests.
       rewrite /wp-admin$ $scheme:http://$host$uri/ permanent;

    # Cache static files for as long as possible - removed xml as an extension to avoid problems with Yoast WordPress SEO plugin which uses WP rewrite API.
    location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        try_files $uri =404;
        expires max;
        access_log off;
    }

    # Pass PHP scripts on to PHP-FPM
    location ~* \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        try_files $uri /index.php;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param SCRIPT_NAME $fastcgi_script_name;
      }
}

I have tried to change if ($http_host !="www.pasangbatu.com") { to something like this :

if ($http_host != "www.pasangbatu.com") {
                     rewrite ^ https://www.pasangbatu.com$request_uri permanent;
           }

I restart nginx and refresh my web, I got ssl enabled on homepage. but If I go to another page/ click article link, the page back to http protocol not https.

If I disable if condition block and just write like this:

rewrite ^ https://www.pasangbatu.com$request_uri permanent;

my website return "To many redirect bla bla bla".

How to enable https to all my pages? Need your help,

Thanks.

Upvotes: 0

Views: 347

Answers (1)

mjsa
mjsa

Reputation: 4409

So essentially this issue comes down to the fact your web server sees the connection over HTTP when using Flexible SSL (whilst the connection from the origin to the browser is over HTTPS).

In order to get around this you will need to hook into the X-Forwarded-Proto header in your Nginx config.

A plugin like the CloudFlare Flexible SSL plugin may also be of use to you.

By using CloudFlare's Page Rules you are able to effectively redirect HTTP to HTTPS traffic.

Upvotes: 1

Related Questions