WordPress Docker 通过 NGINX SSL 反向代理无法按预期工作
WordPress Docker over NGINX SSL reverse proxy doesn't work as expected
当我使用 NGINX 为 WordPress Docker 容器创建反向代理时,WordPress 将 WordPress Address (URL) 和 Site Address (URL) 指定为 https://hiddenurl.com:443。所以我所有的链接都包含端口 443,如果我删除这个端口,由于无限重定向循环,该网站将无法再访问。
我已在 wp-config.php 中输入应该通过 $_SERVER['HTTPS'] = 'on'; 激活 SSL。
NGINX 配置:
location ~ /(?<wppath>.*) {
rewrite ^/(.*) / break;
client_max_body_size 100M;
proxy_pass http://127.0.0.1:7676/$wppath$is_args$args;
proxy_http_version 1.1;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-forwarded protocol https;
proxy_set_header upgrade $http_upgrade;
proxy_set_header Connection "upgrade
}
这会导致域 hiddenurl.com 正常工作,但 hiddenurl.com/about 会重定向到 127.0.0.1/about。
重定向似乎来自 WordPress:
我通过将其用作 nginx 配置解决了这个问题:
location / {
proxy_pass http://127.0.0.1:7676;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
并将其附加到 wp-config.php
的顶部
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
$_SERVER['HTTPS'] = '1';
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}
我也有一个 WordPress 301 重定向循环,使用 WordPress 容器在 nginx 反向代理后面的端口 80 上服务,配置如下:
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
server_name _______.com.au www._______.com.au;
proxy_redirect off;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.0.0:6080/;
}
ssl_certificate /etc/letsencrypt/live/_______.com.au/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/_______.com.au/privkey.pem; # managed by Certbot
}
server {
if ($host = www._______.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = _______.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name _______.com.au www._______.com.au;
return 301 https://_______.com.au$request_uri;
}
我的 wp_config.php 使用的是官方 WordPress Docker 容器生成的默认配置。 canonical.php函数出现问题是因为nginx配置中的这一行:
proxy_set_header Host $host:$server_port;
当 url 传递到 canonical.php 函数时,设置了 301 重定向循环,因为 https://______.com.au:443 与 https://______.com.au 不同。删除 $server_port 解决了我的问题:
proxy_set_header Host $host;
我希望我耗时的调查可以节省一些时间!
当我使用 NGINX 为 WordPress Docker 容器创建反向代理时,WordPress 将 WordPress Address (URL) 和 Site Address (URL) 指定为 https://hiddenurl.com:443。所以我所有的链接都包含端口 443,如果我删除这个端口,由于无限重定向循环,该网站将无法再访问。
我已在 wp-config.php 中输入应该通过 $_SERVER['HTTPS'] = 'on'; 激活 SSL。
NGINX 配置:
location ~ /(?<wppath>.*) {
rewrite ^/(.*) / break;
client_max_body_size 100M;
proxy_pass http://127.0.0.1:7676/$wppath$is_args$args;
proxy_http_version 1.1;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-forwarded protocol https;
proxy_set_header upgrade $http_upgrade;
proxy_set_header Connection "upgrade
}
这会导致域 hiddenurl.com 正常工作,但 hiddenurl.com/about 会重定向到 127.0.0.1/about。
重定向似乎来自 WordPress:
我通过将其用作 nginx 配置解决了这个问题:
location / {
proxy_pass http://127.0.0.1:7676;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 86400;
}
并将其附加到 wp-config.php
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
$_SERVER['HTTPS'] = '1';
if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}
我也有一个 WordPress 301 重定向循环,使用 WordPress 容器在 nginx 反向代理后面的端口 80 上服务,配置如下:
server {
# SSL configuration
#
listen 443 ssl;
listen [::]:443 ssl;
server_name _______.com.au www._______.com.au;
proxy_redirect off;
location / {
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://192.168.0.0:6080/;
}
ssl_certificate /etc/letsencrypt/live/_______.com.au/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/_______.com.au/privkey.pem; # managed by Certbot
}
server {
if ($host = www._______.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = _______.com.au) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name _______.com.au www._______.com.au;
return 301 https://_______.com.au$request_uri;
}
我的 wp_config.php 使用的是官方 WordPress Docker 容器生成的默认配置。 canonical.php函数出现问题是因为nginx配置中的这一行:
proxy_set_header Host $host:$server_port;
当 url 传递到 canonical.php 函数时,设置了 301 重定向循环,因为 https://______.com.au:443 与 https://______.com.au 不同。删除 $server_port 解决了我的问题:
proxy_set_header Host $host;
我希望我耗时的调查可以节省一些时间!