menu

Questions & Answers

Wordpress on Docker behind nginx reverse proxy using SSL

Here is my problem,

I need to install a wordpress application on a subdirectory url ("https://test.com/blog/"). Since my whole environment is running on Docker, I decided to do the same with the wordpress app.

To start it as simple as possible, I added the wordpress image to my docker-compose.yml, and made a subdomain ("http://blog.test.com" which was not using https) fall on the application with my nginx reverse proxy.

It worked well and I installed my wordpress like that.

Now I'm trying to migrate this to my initial need and my problem is that everything works "well", unless I can't access the admin url (https://test.com/blog/admin) because it keeps redirects on https://test.com/blog/wp-admin and I get a "Too many redirects" error.

Here is my nginx configuration :

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name test.com;
  return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name test.com;

    error_log /var/log/nginx/test_error.log;
    access_log /var/log/nginx/test_access.log;

    location /blog/ {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/test-htpasswd;
        proxy_pass http://127.0.0.1:8090;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
        proxy_set_header X-Forwarded-Port 443;

    # Mitigate httpoxy attack (see README for details)
           proxy_set_header Proxy "";
    }

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/test-htpasswd;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8082;
    }

    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem; # managed by Certbot

    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
}


I also added the following at the top of wp-config.php file in the wordpress container :

define('FORCE_SSL_ADMIN', true);

if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){

    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
}

define('WP_HOME','https://test.com/blog/');
define('WP_SITEURL','https://test.com/blog/');

What I noticed is if I try to print the $_SERVER variable by doing

var_dump($_SERVER);

in wp-config.php, there isn't any of the nginx proxy variables.

Here is the output :

array(42) { 
["REDIRECT_STATUS"]=> string(3) "200" 
["HTTP_HOST"]=> string(15) "test.com"
["HTTP_X_REAL_IP"]=> string(15) "itsmyip"
["HTTP_CONNECTION"]=> string(5) "close"
["HTTP_CACHE_CONTROL"]=> string(9) "max-age=0"
["HTTP_UPGRADE_INSECURE_REQUESTS"]=> string(1) "1"
["HTTP_USER_AGENT"]=> string(104) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
["HTTP_SEC_FETCH_USER"]=> string(2) "?1"
["HTTP_ACCEPT"]=> string(124) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
["HTTP_SEC_FETCH_SITE"]=> string(4) "none"
["HTTP_SEC_FETCH_MODE"]=> string(8) "navigate"
["HTTP_ACCEPT_ENCODING"]=> string(17) "gzip, deflate, br"
["HTTP_ACCEPT_LANGUAGE"]=> string(35) "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"
["HTTP_COOKIE"]=> string(547) "_lfa=eyJYYnAxb2FFR2RSazdFZFZqIjoiTEYxLjEuNGFiNTNhYjI1ZWMwNDE3MS4xNTk1OTM2MTk5MjIyIn0%3D; _ga=GA1.2.1198854717.1595936200; _gid=GA1.2.2083987609.1595936200; _hjid=51fe1835-b72b-4957-873f-dc4147a455fc; _hjIncludedInSample=1; _fbp=fb.1.1595936200807.1293959861; __zlcmid=zPjJja34jXiPWc; PHPSESSID=bo5jv9md5j6kmtomigjgi2bdnl; REMEMBERME=VGhpdmVvXENvcmVCdW5kbGVcRW50aXR5XFVzZXI6Y21Gd2FHRmxiQzV3WlhKamFHVmpLM1JsYzNSaGNtTm9hVzFsWkdWQVoyMWhhV3d1WTI5dDoxNjI3NDcyMjI1Ojg5MWY3ZGM1M2QyMmQyNzdiNWI3MjQ5NTY4NThkZWE5MWIxYmU2NjUzM2EzMmQ5Yzc5MzFjOWJmM2E4ZDliNjk%3D" ["PATH"]=> string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
["SERVER_SIGNATURE"]=> string(76) "
Apache/2.4.38 (Debian) Server at test.com Port 80
" 
["SERVER_SOFTWARE"]=> string(22) "Apache/2.4.38 (Debian)"
["SERVER_NAME"]=> string(15) "test.com"
["SERVER_ADDR"]=> string(11) "itsmyip"
["SERVER_PORT"]=> string(2) "80"
["REMOTE_ADDR"]=> string(15) "itsmyip"
["DOCUMENT_ROOT"]=> string(13) "/var/www/html"
["REQUEST_SCHEME"]=> string(4) "http"
["CONTEXT_PREFIX"]=> string(0) "
" ["CONTEXT_DOCUMENT_ROOT"]=> string(13) "/var/www/html"
["SERVER_ADMIN"]=> string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=> string(23) "/var/www/html/index.php"
["REMOTE_PORT"]=> string(5) "38136"
["REDIRECT_URL"]=> string(12) "/blog/"
["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.0"
["REQUEST_METHOD"]=> string(3) "GET"
["QUERY_STRING"]=> string(0) ""
["REQUEST_URI"]=> string(12) "/blog/"
["SCRIPT_NAME"]=> string(10) "/index.php"
["PHP_SELF"]=> string(10) "/index.php"
["REQUEST_TIME_FLOAT"]=> float(1595941685.61)
["REQUEST_TIME"]=> int(1595941685)
["argv"]=> array(0) { } 
["argc"]=> int(0) 

Do you have any idea ?

Answers(2) :

Actually I found my way through it ! I had an error in my nginx configuration and if anyone is interested, here is my final working configuration :

nginx.conf file (wordpress bloc) :

location /blog/ {
        proxy_pass http://127.0.0.1:8093/;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";
    }

Here is what I added at the top of wp_config.php file of my wordpress container :

define('FORCE_SSL_ADMIN', true);

$_SERVER['REQUEST_URI'] = str_replace("/wp-admin/", "/blog/wp-admin/",  $_SERVER['REQUEST_URI']);

if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){

    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
}

define('WP_HOME','https://test.com/blog/');
define('WP_SITEURL','https://test.com/blog/');

Cheers !

Comments:
2023-01-18 00:05:09
Tried, RPi NGINX Reverse proxy ,to another local RPi with wordpress. Above setting worked perfectly !!! Thanks
2023-01-18 00:05:09
Nice help, It's worked
2023-01-18 00:05:09
Thanks ! Saved my day !
2023-01-18 00:05:09
I am using this configuration, but still getting too many redirects only for home page.
2023-01-18 00:05:09
@Manish be careful about '/' in configuration, if you want you can share your nginx conf + wp-config.php and I can have a look

With your nginx conf + wp-config.php, I can reach WordPress from Internet. But when I login to blog, say, 'testsite.com/blog/wp-admin' after submitted WP username and password, I can't login.

Comments:
2023-01-18 00:05:09
As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.