wordpress with Nginx + fastcgi_cache with ssl but behind haproxy

Rainer Duffner rainer at ultra-secure.de
Mon Feb 8 17:16:32 UTC 2021


I have an interesting problem.

I have apache behind Nginx behind haproxy.

SSL is terminated with haproxy (because haproxy can load all certificates from a single directory, and because some rate-limiting stuff is easier with haproxy).
This makes using Let’s Encrypt easier.

Sometimes, I want to do Nginx + fastcgi + php-fpm directly, without apache (it’s measurably faster).

For apache, you need this in the configuration:

proxy_set_header X-Forwarded-Proto  $http_x_forwarded_proto;

(and for good measure, also this:
SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on

For fast-cgi, one also needs this in the configuration (fastcgi_params):

fastcgi_param  HTTPS              $fwd_ssl;

$fwd_ssl is generated by this map:

  map $http_x_forwarded_proto $fwd_ssl {
        http    off;
        https   on;

in the global http section.

In wordpress, when I enable „Really Simple SSL“, I get a redirect loop (to https) on the front-page (as an unauthenticated user) but the backend works.

I wonder what wordpress is missing so that it still thinks the connection is coming over http instead of https.

Any ideas?

Best Regards

More information about the nginx mailing list