如何在 Amazon 负载均衡器后面修复 WordPress HTTPS 问题? [英] How to fix WordPress HTTPS issues when behind an Amazon Load Balancer?
问题描述
我以前遇到过这个问题.在 Amazon 的 EC2 负载均衡器后面运行 WordPress(或其他 PHP 脚本)时,脚本没有意识到它们是在 https://协议上运行的,并导致诸如无休止的重定向循环和 HTTPS 警告等问题(关于此的一些内容正在以不安全的方式请求页面...").
我在这里找到了一个解决方案,但需要修改WordPress核心,这对可更新性不利:https://wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless-redirect
有没有办法在不修改 WordPress 核心的情况下解决这个问题?我使用的是 Apache 2.2.
就像你给出的链接一样,对于 WordPress,问题在于 is_ssl() 函数,它与大多数 PHP 软件一样明确检查 $_SERVER['HTTPS'] 和 $_SERVER['SERVER_PORT'] 以检查当前页面是否在 https://上下文中被访问.>
当您的页面通过 HTTPS 访问,但 Amazon 负载均衡器正在执行 SSL 卸载并实际在非 SSL 端口 80 上请求您的内容时,网络服务器、PHP 或其他任何与此相关的内容无法理解或看到正在通过 https://访问它.
对此的修复是亚马逊的 ELB 发送事实上的标准 X-Forwarded-Proto HTTP 标头,我们可以使用它来确定客户端实际上是哪种协议 在负载均衡器的另一端使用.
使用 Apache 2.2,您可以使用以下内容:
SetEnvIf X-Forwarded-Proto "^https$";HTTPS</IfModule> 这只是读取X-Forwarded-Proto 标头.如果此值等于 https,则 HTTPS 环境变量设置为 1.PHP 会看到这个环境变量,最终,它会变成 $_SERVER['HTTPS'] 等于 1 —— 就像真正的"代码一样.原生 SSL 请求.
I've had this issue before. When running WordPress (or other PHP scripts) behind Amazon's EC2 Load Balancer, the scripts do not realize they are being ran on the https:// protocol and results in issues such as endless redirect loops, and HTTPS warnings ("Some content on this page is being requested in a non-secure way...").
I found a solution here, but requires modifying WordPress core, which is no good for updatability: https://wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless-redirect
Is there a way to fix this without modifying WordPress core? I am using Apache 2.2.
Like the link, you gave suggested, for WordPress the issue lies in the is_ssl() function, which like most PHP software explicitly checks the $_SERVER['HTTPS'] and $_SERVER['SERVER_PORT'] to check if the current page is being accessed in the https:// context.
When your page is accessed over HTTPS, but the Amazon Load Balancer is performing SSL offloading and actually requesting your content on the non-SSL port 80, the webserver, PHP, or anything else for that matter, does not understand or see that it's being accessed over https://.
The fix for this is that Amazon's ELB sends the de-facto standard X-Forwarded-Proto HTTP header, which we can use to figure out which protocol the client is actually using on the other side of the Load Balancer.
With Apache 2.2, you could use something along the lines of:
<IfModule mod_setenvif.c>
SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>
This simply reads the X-Forwarded-Proto header. If this value equals https then the HTTPS environment variable is set to 1. PHP will see this environment variable, and eventually, it will become $_SERVER['HTTPS'] that equals 1 -- just like it would be for a "real" native SSL request.
这篇关于如何在 Amazon 负载均衡器后面修复 WordPress HTTPS 问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
