如何在Amazon Load Balancer后面修复Wordpress HTTPS问题？ [英] How to fix Wordpress HTTPS issues when behind an Amazon Load Balancer?

问题描述

我以前遇到过这个问题。在Amazon的EC2负载均衡器后面运行Wordpress（或其他PHP脚本）时，脚本没有意识到它们是在https：//协议上运行的，并导致诸如无限重定向循环和HTTPS警告之类的问题（有关此内容的一些内容）正在以非安全的方式请求页面...）。

I've had this issue before. When running Wordpress (or other PHP scripts) behind Amazon's EC2 Load Balancer, the scripts do not realize they are being ran on the https:// protocol and results in issues such as endless redirect loops, and HTTPS warnings ("Some content on this page is being requested in a non-secure way...").

我在这里找到了一个解决方案，但需要修改Wordpress核心，这对可更新性没有好处：
https ：//wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless-redirect

I found a solution here, but requires modifying Wordpress core, which is no good for updatability: https://wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless-redirect

有没有办法解决这个问题，而无需修改Wordpress核心？我正在使用Apache 2.2。

Is there a way to fix this without modifying Wordpress core? I am using Apache 2.2.

推荐答案

正如您提供的链接所建议的那样，对于Wordpress，问题在于 is_ssl（）函数，与大多数PHP软件一样，显式检查 $ _ SERVER ['HTTPS'] 和 $ _ SERVER ['SERVER_PORT'] 检查当前页面是否在https：//上下文中被访问。

As the link you gave suggested, for Wordpress the issue lies in the is_ssl() function, which like most PHP software explicitly checks the $_SERVER['HTTPS'] and $_SERVER['SERVER_PORT'] to check if the current page is being accessed in the https:// context.

当您的页面被访问时HTTPS，但亚马逊负载均衡器正在执行SSL卸载，并且实际上在非SSL端口80，网络服务器，PHP或其他任何内容上请求您的内容，不理解或看到它是通过https：//访问的。

When your page is accessed over HTTPS, but the Amazon Load Balancer is performing SSL offloading and actually requesting your content on the non-SSL port 80, the webserver, PHP, or anything else for that matter, does not understand or see that it's being accessed over https://.

对此的修复是亚马逊的ELB发送事实上的标准 X-Forwareded-Proto HTTP header，我们可以用它来确定客户端在负载均衡器的另一端使用实际的协议。

The fix for this, is that Amazon's ELB sends the de-facto standard X-Forwareded-Proto HTTP header, which we can use to figure out which protocol the client is actually using on the other side of the Load Balancer.

使用Apache 2.2 ，你可以使用一些东西e行：

With Apache 2.2, you could use something along the lines of:

<IfModule mod_setenvif.c>
  SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>

这只是读取 X-Forwared-Proto 标题，如果它等于 https ，则将 HTTPS 环境变量设置为 1 。 PHP将看到这个环境变量，最终它将变为 $ _ SERVER ['HTTPS'] 等于 1 - 就像它对真正的原生SSL请求一样。

This simply reads the X-Forwared-Proto header, and if it equals https then, sets the HTTPS environment variable to 1. PHP will see this environment variable, and eventually it will become $_SERVER['HTTPS'] that equals 1 -- just like it would be for a "real" native SSL request.

这篇关于如何在Amazon Load Balancer后面修复Wordpress HTTPS问题？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！