New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How to run wordpress behind HOST nginx? #251

Closed
skupfer opened this Issue Nov 19, 2017 · 7 comments

Comments

Projects
None yet
4 participants
@skupfer

skupfer commented Nov 19, 2017

Hello there,

how do I have to configure nginx to be able to run a dockerized wordpress setup? No, I do not intend to run a dockerized nginx and need/want it to be managed by my host.

I tried the following but I cannot get past the language setup

server {
    listen 80;
    server_name 10.211.55.14;

    rewrite ^(.*) https://$server_name$1 permanent;
}

server {
    listen 443 ssl;
    server_name 10.211.55.14;

    access_log /var/log/nginx/wordpress-access.log;
    error_log /var/log/nginx/wordpress-error.log;

    include /etc/nginx/snippets/ssl-wordpress.conf;
    include /etc/nginx/snippets/ssl-params.conf;

    location / {
        proxy_pass       http://localhost:7979;
        proxy_redirect   off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-Proto https;
    }
}

For /wp-admin I receive "ERR_TOO_MANY_REDIRECTS" and for the front page css won't get loaded properly

I already added the following to wp-config.php

define('WP_HOME','http://10.211.55.14');
define('WP_SITEURL','http://10.211.55.14');
@skupfer

This comment has been minimized.

Show comment
Hide comment
@skupfer

skupfer Nov 20, 2017

Not sure whether the nginx setup is properly done so it would be great if someone could look into it (remember, nginx is running on host, mysql/wordpress is dockerized with the given .yml)

I added the following ONTOP of the wp-config.php file and got it working now. As it seems it MUST be placed as high as possible (which is a bad behavior anyways) or it won't work at all!

/**
 * For WordPress, force the protocol scheme to be HTTPS
 * when is_ssl() doesn't work, e.g. on a reverse proxied server
 * where _SERVER['HTTPS'] and _SERVER['SERVER_PORT'] don't
 * indicate that SSL is being used.
 */
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
    $_SERVER['HTTPS'] = '1';

if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
    $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

Source

skupfer commented Nov 20, 2017

Not sure whether the nginx setup is properly done so it would be great if someone could look into it (remember, nginx is running on host, mysql/wordpress is dockerized with the given .yml)

I added the following ONTOP of the wp-config.php file and got it working now. As it seems it MUST be placed as high as possible (which is a bad behavior anyways) or it won't work at all!

/**
 * For WordPress, force the protocol scheme to be HTTPS
 * when is_ssl() doesn't work, e.g. on a reverse proxied server
 * where _SERVER['HTTPS'] and _SERVER['SERVER_PORT'] don't
 * indicate that SSL is being used.
 */
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https')
    $_SERVER['HTTPS'] = '1';

if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) {
    $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

Source

@tianon

This comment has been minimized.

Show comment
Hide comment
@tianon

tianon Jan 4, 2018

Member

This block of code:

define('WP_HOME','http://10.211.55.14');
define('WP_SITEURL','http://10.211.55.14');

Should really be:

define('WP_HOME','https://10.211.55.14');
define('WP_SITEURL','https://10.211.55.14');

(Note the https:// there.)

See also https://codex.wordpress.org/Moving_WordPress.

As to the block you added to wp-config.php, this repository will already add roughly that exact block for new installs:

if [ ! -e wp-config.php ]; then
awk '/^\/\*.*stop editing.*\*\/$/ && c == 0 { c = 1; system("cat") } { print }' wp-config-sample.php > wp-config.php <<'EOPHP'
// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
EOPHP
chown "$user:$group" wp-config.php
fi

(As documented in http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy.)

Member

tianon commented Jan 4, 2018

This block of code:

define('WP_HOME','http://10.211.55.14');
define('WP_SITEURL','http://10.211.55.14');

Should really be:

define('WP_HOME','https://10.211.55.14');
define('WP_SITEURL','https://10.211.55.14');

(Note the https:// there.)

See also https://codex.wordpress.org/Moving_WordPress.

As to the block you added to wp-config.php, this repository will already add roughly that exact block for new installs:

if [ ! -e wp-config.php ]; then
awk '/^\/\*.*stop editing.*\*\/$/ && c == 0 { c = 1; system("cat") } { print }' wp-config-sample.php > wp-config.php <<'EOPHP'
// If we're behind a proxy server and using HTTPS, we need to alert Wordpress of that fact
// see also http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
EOPHP
chown "$user:$group" wp-config.php
fi

(As documented in http://codex.wordpress.org/Administration_Over_SSL#Using_a_Reverse_Proxy.)

@tianon tianon closed this Jan 4, 2018

@morenoh149

This comment has been minimized.

Show comment
Hide comment
@morenoh149

morenoh149 Sep 2, 2018

I don't follow what the solution was here. I too am using a nginx running undockerized and I want it to proxy requests to the wordpress image. I was able to get through the installation wizard but there are no css assets loaded. I feel like this is a more basic question than nginx+ssl (which I'll get to next).

my nginx.conf

events {
    worker_connections 768;
    # multi_accept on;
}
http {
    server {
        server_name foo.com www.foo.com;

        location / {
            proxy_pass http://localhost:4000;
        }
    }
}

devtools network tab after reload on the wordpress site root (foo.com)
screen shot 2018-09-01 at 11 51 08 pm

update: I fixed one error net::ERR_INSECURE_RESPONSE by adding ssl to the site with letsencrypt, nginx and certbot. The error then becomes the assets refer to localhost:<port>.
screen shot 2018-09-02 at 11 24 37 am

I'm doing

sudo docker run -e WORDPRESS_DB_PASSWORD=foo -e WORDPRESS_ADDITIONAL_CONFIG="define('WP_HOME','https://foo.com'); define('WP_SITEURL','https://foo.com');" --name wordpress --link wordpressdb:mysql -p 4000:80 -d wordpress

but I'm not seeing the extra config addd to wp-config.php

morenoh149 commented Sep 2, 2018

I don't follow what the solution was here. I too am using a nginx running undockerized and I want it to proxy requests to the wordpress image. I was able to get through the installation wizard but there are no css assets loaded. I feel like this is a more basic question than nginx+ssl (which I'll get to next).

my nginx.conf

events {
    worker_connections 768;
    # multi_accept on;
}
http {
    server {
        server_name foo.com www.foo.com;

        location / {
            proxy_pass http://localhost:4000;
        }
    }
}

devtools network tab after reload on the wordpress site root (foo.com)
screen shot 2018-09-01 at 11 51 08 pm

update: I fixed one error net::ERR_INSECURE_RESPONSE by adding ssl to the site with letsencrypt, nginx and certbot. The error then becomes the assets refer to localhost:<port>.
screen shot 2018-09-02 at 11 24 37 am

I'm doing

sudo docker run -e WORDPRESS_DB_PASSWORD=foo -e WORDPRESS_ADDITIONAL_CONFIG="define('WP_HOME','https://foo.com'); define('WP_SITEURL','https://foo.com');" --name wordpress --link wordpressdb:mysql -p 4000:80 -d wordpress

but I'm not seeing the extra config addd to wp-config.php

@morenoh149

This comment has been minimized.

Show comment
Hide comment
@morenoh149

morenoh149 Sep 2, 2018

The proper environment variable is WORDPRESS_CONFIG_EXTRA.

sudo docker run -e WORDPRESS_DB_PASSWORD=foo -e WORDPRESS_CONFIG_EXTRA="define('WP_HOME','https://foo.com'); define('WP_SITEURL','https://foo.com');" --name wordpress --link wordpressdb:mysql -p 4000:80 -d wordpress

works and you should see a styled installation.

final nginx.conf. But you should let certbot add the ssl related lines.

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    server {
        server_name foo.com www.foo.com;

        location / {
            proxy_pass http://localhost:4000;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foo.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foo.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

    server {
    if ($host = www.foo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = foo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name foo.com www.foo.com;
    listen 80;
    return 404; # managed by Certbot
}
}

It's still not fully solved, the site redirects to localhost after I complete the installation wizard. Thoughts?

morenoh149 commented Sep 2, 2018

The proper environment variable is WORDPRESS_CONFIG_EXTRA.

sudo docker run -e WORDPRESS_DB_PASSWORD=foo -e WORDPRESS_CONFIG_EXTRA="define('WP_HOME','https://foo.com'); define('WP_SITEURL','https://foo.com');" --name wordpress --link wordpressdb:mysql -p 4000:80 -d wordpress

works and you should see a styled installation.

final nginx.conf. But you should let certbot add the ssl related lines.

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    server {
        server_name foo.com www.foo.com;

        location / {
            proxy_pass http://localhost:4000;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/foo.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/foo.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

    server {
    if ($host = www.foo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = foo.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        server_name foo.com www.foo.com;
    listen 80;
    return 404; # managed by Certbot
}
}

It's still not fully solved, the site redirects to localhost after I complete the installation wizard. Thoughts?

@tianon

This comment has been minimized.

Show comment
Hide comment
@tianon

tianon Sep 4, 2018

Member

@morenoh149 the important bit your NGINX configuration is missing is the X-Forwarded-Proto header, which is the standard way for a reverse proxy like NGINX to inform the application it's proxying for that it is handling the request via TLS even though the application itself is receiving the request over plain HTTP

Member

tianon commented Sep 4, 2018

@morenoh149 the important bit your NGINX configuration is missing is the X-Forwarded-Proto header, which is the standard way for a reverse proxy like NGINX to inform the application it's proxying for that it is handling the request via TLS even though the application itself is receiving the request over plain HTTP

@sdaban

This comment has been minimized.

Show comment
Hide comment
@sdaban

sdaban Sep 30, 2018

@tianon Thank you very much for that hint! I was struggling for days and had tried multiple approaches! You saved my day!!!

sdaban commented Sep 30, 2018

@tianon Thank you very much for that hint! I was struggling for days and had tried multiple approaches! You saved my day!!!

@morenoh149

This comment has been minimized.

Show comment
Hide comment
@morenoh149

morenoh149 Oct 1, 2018

@sdaban you may find #331 and it's solution useful

morenoh149 commented Oct 1, 2018

@sdaban you may find #331 and it's solution useful

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment