wordpress with Nginx + fastcgi_cache with ssl but behind haproxy

Ali Mohsin aliofthemohsins at gmail.com
Tue Feb 9 04:08:25 UTC 2021


Hi, normally when I get infinite loop with ssl, its usually because of
redirection of http to https. Sometimes front proxy (cloudflare or haproxy)
is expecting simple http traffic and it gets https traffic and vice versa.
Also check your wordpress settings and its url. Try changing it.
And why are you using so much stuff just for wordpress? Simple nginx,
php-fpm, fcgi cache works for me. And rate limiting works in nginx too. Try
simplifying the setup so there are less variables to deal with.

On Mon, 8 Feb 2021, 10:16 PM Rainer Duffner, <rainer at ultra-secure.de> wrote:

> Hi,
>
> I have an interesting problem.
>
> I have apache behind Nginx behind haproxy.
>
> SSL is terminated with haproxy (because haproxy can load all certificates
> from a single directory, and because some rate-limiting stuff is easier
> with haproxy).
> This makes using Let’s Encrypt easier.
>
> Sometimes, I want to do Nginx + fastcgi + php-fpm directly, without apache
> (it’s measurably faster).
>
> For apache, you need this in the configuration:
>
> proxy_set_header X-Forwarded-Proto  $http_x_forwarded_proto;
>
> (and for good measure, also this:
> SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
> )
>
> For fast-cgi, one also needs this in the configuration (fastcgi_params):
>
> fastcgi_param  HTTPS              $fwd_ssl;
>
>
> $fwd_ssl is generated by this map:
>
>   map $http_x_forwarded_proto $fwd_ssl {
>         http    off;
>         https   on;
>   }
>
> in the global http section.
>
> In wordpress, when I enable „Really Simple SSL“, I get a redirect loop (to
> https) on the front-page (as an unauthenticated user) but the backend works.
>
> I wonder what wordpress is missing so that it still thinks the connection
> is coming over http instead of https.
>
>
>
> Any ideas?
>
> Best Regards
> Rainer
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210209/ac36ba3f/attachment.htm>


More information about the nginx mailing list