CODEWITHSUNDEEP
wordpressnginxnginx-reverse-proxy
PatricF
PatricF

Reputation: 419

nginx frontend over https and backend over http

I have nginx acting as a reverse proxy in front of a webserver running Wordpress. I'm not really sure if my problem is nginx, php or WordPress so I'm asking for help.

I have an nginx server running in Docker which acts as a reverse proxy. Behind this server there is a webserver, also running in Docker, running WordPress.

This all works fine when running over http. But I'm going over to https and I can't get this to work properly.

I get "mixed-mode" messages saying that style sheets and scripts are blocked because they are served over https. In WordPress I have added the following as seen here to wp-config.php:

define('FORCE_SSL_ADMIN', true);
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';

I have also changed this:

define('WP_HOME', 'https://www.example.com');
define('WP_SITEURL', 'https://www.example.com');

I have also changed everything in the database that refers to http://www.example.com to https://www.example.com

When I enter https://www.example.com I get 1 "mixed-content" warning about a style sheet being loaded over http even though there is one style sheet loaded just fine.

mixed-content

And if I enter https://www.example.com/wp-admin I get a lot of mixed content for style sheets and scripts.

wp-admin

All thses links are reachable over https but somehow they are still being served over http. I've search every file and everything in the database and I can't find any references to http://example.com anywhere.

This is the reverse proxy:

server {
    listen 80;
    server_name www.example.com example.com;
    return 301 https://www.example.com$request_uri;
}
    
server {
  listen        443 ssl;
  server_name   www.example.com example.com;

  ssl_certificate       /etc/ssl/private/example.com/example.com.crt;
  ssl_certificate_key   /etc/ssl/private/example.com/example.com.key;

  location / {
    proxy_pass  http://10.0.100.10:8082;
    proxy_set_header    X-Real-IP               $remote_addr;
    proxy_set_header    Host                    $host;
    proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Ssl         on;
    proxy_set_header    X-Forwarded-Proto       $scheme;
  }
}

And this is the backend

server {
    server_name _;

    listen 80;

    root /var/www/myapp;
    index index.php index.html index.htm;

    access_log /var/log/nginx/back-access.log;
    error_log /var/log/nginx/back-error.log;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP-FPM Configuration Nginx
    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-domain:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

Can anyone understand why this is happening and where the problem is?

Upvotes: 0

Views: 3058

Answers (1)

Ivan Shatsky
Ivan Shatsky

Reputation: 15527

I'm not sure you are passing the X-Forwarded-Proto HTTP header to your FastCGI backend with this configuration. Can you try this one?

    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-domain:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto if_not_empty;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }

If it doesn't help, add your fastcgi_params file contents to the question.

Update

There is a way to do it without altering the wp-config.php at all:

map $http_x_forwarded_proto $fastcgi_https {
    https   on;
    default $https;
}
server {
    ...
    location ~ \.php$ {
        try_files $uri = 404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass php-domain:9000;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param REQUEST_URI $request_uri;
        fastcgi_param HTTP_X_FORWARDED_PROTO $http_x_forwarded_proto if_not_empty;
        fastcgi_param HTTPS $fastcgi_https if_not_empty;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
    }
}

Upvotes: 1

Related Questions