使用 SSL 的 nginx 反向代理背后的 Docker 上的 Wordpress [英] Wordpress on Docker behind nginx reverse proxy using SSL

问题描述

这是我的问题，

我需要在子目录 url (https://test.com/blog/") 上安装 wordpress 应用程序.由于我的整个环境都在 Docker 上运行，因此我决定对 wordpress 应用程序做同样的事情.

I need to install a wordpress application on a subdirectory url ("https://test.com/blog/"). Since my whole environment is running on Docker, I decided to do the same with the wordpress app.

为了尽可能简单地开始，我将 wordpress 图像添加到我的 docker-compose.yml，并创建了一个子域(http://blog.test.com"，它没有使用 https)落在应用程序与我的 nginx 反向代理.

To start it as simple as possible, I added the wordpress image to my docker-compose.yml, and made a subdomain ("http://blog.test.com" which was not using https) fall on the application with my nginx reverse proxy.

效果很好，我就这样安装了我的 wordpress.

It worked well and I installed my wordpress like that.

现在我正在尝试将其迁移到我最初的需求，我的问题是一切都很好"，除非我无法访问管理 url (https://test.com/blog/admin) 因为它会在 https://test.com/blog/wp-admin 并且我收到重定向过多"的提示错误.

Now I'm trying to migrate this to my initial need and my problem is that everything works "well", unless I can't access the admin url (https://test.com/blog/admin) because it keeps redirects on https://test.com/blog/wp-admin and I get a "Too many redirects" error.

这是我的 nginx 配置:

Here is my nginx configuration :

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name test.com;
  return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name test.com;

    error_log /var/log/nginx/test_error.log;
    access_log /var/log/nginx/test_access.log;

    location /blog/ {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/test-htpasswd;
        proxy_pass http://127.0.0.1:8090;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $proxy_connection;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
        proxy_set_header X-Forwarded-Port 443;

    # Mitigate httpoxy attack (see README for details)
           proxy_set_header Proxy "";
    }

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/test-htpasswd;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8082;
    }

    ssl_certificate /etc/letsencrypt/live/test.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/test.com/privkey.pem; # managed by Certbot

    add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
}

我还在 wordpress 容器中 wp-config.php 文件的顶部添加了以下内容:

I also added the following at the top of wp-config.php file in the wordpress container :

define('FORCE_SSL_ADMIN', true);

if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){

    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
}

define('WP_HOME','https://test.com/blog/');
define('WP_SITEURL','https://test.com/blog/');

我注意到的是，如果我尝试通过执行

What I noticed is if I try to print the $_SERVER variable by doing

var_dump($_SERVER);

var_dump($_SERVER);

在 wp-config.php 中，没有任何 nginx 代理变量.

in wp-config.php, there isn't any of the nginx proxy variables.

这是输出:

array(42) { 
["REDIRECT_STATUS"]=> string(3) "200" 
["HTTP_HOST"]=> string(15) "test.com"
["HTTP_X_REAL_IP"]=> string(15) "itsmyip"
["HTTP_CONNECTION"]=> string(5) "close"
["HTTP_CACHE_CONTROL"]=> string(9) "max-age=0"
["HTTP_UPGRADE_INSECURE_REQUESTS"]=> string(1) "1"
["HTTP_USER_AGENT"]=> string(104) "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36"
["HTTP_SEC_FETCH_USER"]=> string(2) "?1"
["HTTP_ACCEPT"]=> string(124) "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
["HTTP_SEC_FETCH_SITE"]=> string(4) "none"
["HTTP_SEC_FETCH_MODE"]=> string(8) "navigate"
["HTTP_ACCEPT_ENCODING"]=> string(17) "gzip, deflate, br"
["HTTP_ACCEPT_LANGUAGE"]=> string(35) "fr-FR,fr;q=0.9,en-US;q=0.8,en;q=0.7"
["HTTP_COOKIE"]=> string(547) "_lfa=eyJYYnAxb2FFR2RSazdFZFZqIjoiTEYxLjEuNGFiNTNhYjI1ZWMwNDE3MS4xNTk1OTM2MTk5MjIyIn0%3D; _ga=GA1.2.1198854717.1595936200; _gid=GA1.2.2083987609.1595936200; _hjid=51fe1835-b72b-4957-873f-dc4147a455fc; _hjIncludedInSample=1; _fbp=fb.1.1595936200807.1293959861; __zlcmid=zPjJja34jXiPWc; PHPSESSID=bo5jv9md5j6kmtomigjgi2bdnl; REMEMBERME=VGhpdmVvXENvcmVCdW5kbGVcRW50aXR5XFVzZXI6Y21Gd2FHRmxiQzV3WlhKamFHVmpLM1JsYzNSaGNtTm9hVzFsWkdWQVoyMWhhV3d1WTI5dDoxNjI3NDcyMjI1Ojg5MWY3ZGM1M2QyMmQyNzdiNWI3MjQ5NTY4NThkZWE5MWIxYmU2NjUzM2EzMmQ5Yzc5MzFjOWJmM2E4ZDliNjk%3D" ["PATH"]=> string(60) "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
["SERVER_SIGNATURE"]=> string(76) "
Apache/2.4.38 (Debian) Server at test.com Port 80
" 
["SERVER_SOFTWARE"]=> string(22) "Apache/2.4.38 (Debian)"
["SERVER_NAME"]=> string(15) "test.com"
["SERVER_ADDR"]=> string(11) "itsmyip"
["SERVER_PORT"]=> string(2) "80"
["REMOTE_ADDR"]=> string(15) "itsmyip"
["DOCUMENT_ROOT"]=> string(13) "/var/www/html"
["REQUEST_SCHEME"]=> string(4) "http"
["CONTEXT_PREFIX"]=> string(0) "
" ["CONTEXT_DOCUMENT_ROOT"]=> string(13) "/var/www/html"
["SERVER_ADMIN"]=> string(19) "webmaster@localhost"
["SCRIPT_FILENAME"]=> string(23) "/var/www/html/index.php"
["REMOTE_PORT"]=> string(5) "38136"
["REDIRECT_URL"]=> string(12) "/blog/"
["GATEWAY_INTERFACE"]=> string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=> string(8) "HTTP/1.0"
["REQUEST_METHOD"]=> string(3) "GET"
["QUERY_STRING"]=> string(0) ""
["REQUEST_URI"]=> string(12) "/blog/"
["SCRIPT_NAME"]=> string(10) "/index.php"
["PHP_SELF"]=> string(10) "/index.php"
["REQUEST_TIME_FLOAT"]=> float(1595941685.61)
["REQUEST_TIME"]=> int(1595941685)
["argv"]=> array(0) { } 
["argc"]=> int(0) 

你有什么想法吗?

推荐答案

实际上我找到了解决方案！我的 nginx 配置有错误，如果有人感兴趣，这是我的最终工作配置:

Actually I found my way through it ! I had an error in my nginx configuration and if anyone is interested, here is my final working configuration :

nginx.conf 文件(wordpress 块):

nginx.conf file (wordpress bloc) :

location /blog/ {
        proxy_pass http://127.0.0.1:8093/;
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";
    }

这是我在 wordpress 容器的 wp_config.php 文件顶部添加的内容:

Here is what I added at the top of wp_config.php file of my wordpress container :

define('FORCE_SSL_ADMIN', true);

$_SERVER['REQUEST_URI'] = str_replace("/wp-admin/", "/blog/wp-admin/",  $_SERVER['REQUEST_URI']);

if($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){

    $_SERVER['HTTPS'] = 'on';
    $_SERVER['SERVER_PORT'] = 443;
}

define('WP_HOME','https://test.com/blog/');
define('WP_SITEURL','https://test.com/blog/');

干杯！

这篇关于使用 SSL 的 nginx 反向代理背后的 Docker 上的 Wordpress的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！