1. дома
  2. Вопрос и ответ
  3. wordpress (nginx) https vs. http (HAproxy)

wordpress (nginx) https vs. http (HAproxy)

2015-12-01 5 views
0

У меня проблема с подключением wordpress через https. Когда я использую HTTP все работает правильно и сайт выглядит следующим образом: port 80 connectionwordpress (nginx) https vs. http (HAproxy)

Когда я добавить HTTPS (порт 443) это выглядит следующим образом: port 443 connection

Вот моя инфраструктура:

Серверы: Centos7 HAproxy: 1.5.4 Wordpress: 4.3.1 (без плагинов) Nginx: 1.6.3

Мой HAproxy конф файл:

chroot /var/lib/haproxy 
daemon 
group haproxy 
log 127.0.0.1 local2 
maxconn 4000 
pidfile /var/run/haproxy.pid 
stats socket /var/lib/haproxy/stats 
tune.ssl.default-dh-param 2048 
user haproxy 
defaults 
    log global 
    maxconn 8000 
    mode http 
    option redispatch 
    option forwardfor 
    option http-server-close 
    option httplog 
    retries 3 
    stats enable 
    timeout http-request 10s 
    timeout queue 1m 
    timeout connect 10s 
    timeout client 1m 
    timeout server 1m 
    timeout check 10s 
frontend www 
    bind *:80 
    default_backend www-backend 
    option http-server-close 
    reqadd X-Forwarded-Proto:\ http 
frontend www-https 
    bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem 
    default_backend www-backend 
    option http-server-close 
    reqadd X-Forwarded-Proto:\ https 
backend www-backend 
    balance roundrobin 
    redirect scheme https if !{ ssl_fc } 
    server wp1 192.168.56.33:80 check 
    server wp2 192.168.56.34:80 check

Мой nginx.conf файл:

user nginx; 
worker_processes auto; 
error_log /var/log/nginx/error.log; 
pid /var/run/nginx.pid; 

events { 
    worker_connections 1024; 
} 

    log_format format_json '{"time": "$time_iso8601", ' 
         '"remote_addr": "$remote_addr, ' 
         '"remote_user": "$remote_user", ' 
         '"body_bytes_sent": $body_bytes_sent, ' 
         '"request_time": $request_time, ' 
         '"status": $status, ' 
         '"request": "$request", ' 
         '"request_method": "$request_method", ' 
         '"http_referrer": "$http_referer", ' 
         '"http_user_agent": "$http_user_agent"}'; 

    access_log /var/log/nginx/access.log format_json; 

    sendfile   on; 
    tcp_nopush   on; 
    tcp_nodelay   on; 
    keepalive_timeout 65; 
    types_hash_max_size 2048; 

    include    /etc/nginx/mime.types; 
    default_type  application/octet-stream; 

    include /etc/nginx/conf.d/*.conf;

Мой wordpres.conf для Nginx:

upstream php { 
     server 127.0.0.1:9000; 
} 

server { 
     listen 80 default_server; 

     root /var/www/html/wordpress; 

     index index.php; 

     server_name wordpress; 

     location/{ 
       # This is cool because no php is touched for static content. 
       # include the "?$args" part so non-default permalinks doesn't break when using query string 
       try_files $uri $uri/ /index.php?$args; 
     } 

     location ~ \.php$ { 
       #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini 
       include fastcgi.conf; 
       fastcgi_intercept_errors on; 
       fastcgi_pass php; 
     } 

     location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { 
       expires max; 
       log_not_found off; 
     } 
}

Я был бы признателен за любую помощь.

источник

2015-12-01 Andrzej Jędrzejewski

ответ

1

Решение:

Добавьте эти строки в WP-config.php

define('WP_HOME','http://PROXY_ADDRESS'); 
define('WP_SITEURL','http://PROXY_ADDRESS'); 

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';

Внимание! Добавьте его перед этими строками:

/* That's all, stop editing! Happy blogging. */ 

/** Absolute path to the WordPress directory. */ 
if (!defined('ABSPATH')) 
     define('ABSPATH', dirname(__FILE__) . '/'); 

/** Sets up WordPress vars and included files. */ 
require_once(ABSPATH . 'wp-settings.php');

HAproxy.conf:

# This file managed by Puppet 
global 
    chroot /var/lib/haproxy 
    daemon 
    group haproxy 
    log 10.0.2.15 local0 
    maxconn 4000 
    pidfile /var/run/haproxy.pid 
    stats socket /var/lib/haproxy/stats 
    tune.ssl.default-dh-param 2048 
    user haproxy 

defaults 
    log global 
    maxconn 8000 
    mode http 
    option redispatch 
    option forwardfor 
    option http-server-close 
    option httplog 
    retries 3 
    stats enable 
    timeout http-request 10s 
    timeout queue 1m 
    timeout connect 10s 
    timeout client 1m 
    timeout server 1m 
    timeout check 10s 

frontend www-https 
    bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem 
    mode http 
    default_backend www-backend 
    reqadd X-Forwarded-Proto:\ https if { ssl_fc } 
    option forwardfor 

backend www-backend 
    balance roundrobin 
    mode http 
    option forwardfor 
    option httpchk HEAD/HTTP/1.1\r\nHost:localhost 
    server wp1 192.168.56.67:33 check 
    server wp2 192.168.56.67:34 check 
    http-request set-header X-Forwarded-Port %[dst_port] 
    http-request add-header X-Forwarded-Proto https

источник

2015-12-03 10:52:40

Смежные вопросы

 Смежные вопросы