wordpress with Nginx + fastcgi_cache with ssl but behind haproxy
Rainer Duffner
rainer at ultra-secure.de
Mon Feb 8 17:16:32 UTC 2021
Hi,
I have an interesting problem.
I have apache behind Nginx behind haproxy.
SSL is terminated with haproxy (because haproxy can load all certificates from a single directory, and because some rate-limiting stuff is easier with haproxy).
This makes using Let’s Encrypt easier.
Sometimes, I want to do Nginx + fastcgi + php-fpm directly, without apache (it’s measurably faster).
For apache, you need this in the configuration:
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
(and for good measure, also this:
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
)
For fast-cgi, one also needs this in the configuration (fastcgi_params):
fastcgi_param HTTPS $fwd_ssl;
$fwd_ssl is generated by this map:
map $http_x_forwarded_proto $fwd_ssl {
http off;
https on;
}
in the global http section.
In wordpress, when I enable „Really Simple SSL“, I get a redirect loop (to https) on the front-page (as an unauthenticated user) but the backend works.
I wonder what wordpress is missing so that it still thinks the connection is coming over http instead of https.
Any ideas?
Best Regards
Rainer
More information about the nginx
mailing list