wordpress(nginx) https 与 http (HAproxy)

【问题标题】:wordpress(nginx) https vs. http (HAproxy)wordpress(nginx) https 与 http (HAproxy)
【发布时间】:2015-12-03 21:51:49
【问题描述】:

我的 wordpress 通过 https 连接时遇到问题。 当我使用 http 时,一切正常,网站看起来像: port 80 connection

当我添加 https(端口 443)时,它看起来像: port 443 connection

这是我的基础设施:

服务器:Centos7 HA代理:1.5.4 Wordpress:4.3.1(无插件) nginx:1.6.3

我的 HAproxy 配置文件:

chroot  /var/lib/haproxy
daemon
group  haproxy
log  127.0.0.1 local2
maxconn  4000
pidfile  /var/run/haproxy.pid
stats  socket /var/lib/haproxy/stats
tune.ssl.default-dh-param  2048
user  haproxy
defaults
  log  global
  maxconn  8000
  mode  http
  option  redispatch
  option  forwardfor
  option  http-server-close
  option  httplog
  retries  3
  stats  enable
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 1m
  timeout  server 1m
  timeout  check 10s
frontend www
  bind *:80
  default_backend www-backend
  option http-server-close
  reqadd X-Forwarded-Proto:\ http
frontend www-https
  bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem
  default_backend www-backend
  option http-server-close
  reqadd X-Forwarded-Proto:\ https
backend www-backend
  balance roundrobin
  redirect scheme https if !{ ssl_fc }
  server wp1 192.168.56.33:80 check
  server wp2 192.168.56.34:80 check

我的 nginx.conf 文件:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

    log_format format_json '{"time": "$time_iso8601", '
                        '"remote_addr": "$remote_addr, '
                        '"remote_user": "$remote_user", '
                        '"body_bytes_sent": $body_bytes_sent, '
                        '"request_time": $request_time, '
                        '"status": $status, '
                        '"request": "$request", '
                        '"request_method": "$request_method", '
                        '"http_referrer": "$http_referer", '
                        '"http_user_agent": "$http_user_agent"}';

    access_log  /var/log/nginx/access.log format_json;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

我的 nginx 的 wordpres.conf:

upstream php {
        server 127.0.0.1:9000;
}

server {
        listen 80 default_server;

        root /var/www/html/wordpress;

        index index.php;

        server_name wordpress;

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
                include fastcgi.conf;
                fastcgi_intercept_errors on;
                fastcgi_pass php;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

如果有任何帮助,我将不胜感激。

【问题讨论】:

标签: ssl https haproxy


【解决方案1】:

解决办法:

将这些行添加到 wp-config.php

define('WP_HOME','http://PROXY_ADDRESS');
define('WP_SITEURL','http://PROXY_ADDRESS');

if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on';

重要!在这些行之前添加它:

/* That's all, stop editing! Happy blogging. */

/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
        define('ABSPATH', dirname(__FILE__) . '/');

/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');

HAproxy.conf:

# This file managed by Puppet
global
  chroot  /var/lib/haproxy
  daemon
  group  haproxy
  log  10.0.2.15 local0
  maxconn  4000
  pidfile  /var/run/haproxy.pid
  stats  socket /var/lib/haproxy/stats
  tune.ssl.default-dh-param  2048
  user  haproxy

defaults
  log  global
  maxconn  8000
  mode  http
  option  redispatch
  option  forwardfor
  option  http-server-close
  option  httplog
  retries  3
  stats  enable
  timeout  http-request 10s
  timeout  queue 1m
  timeout  connect 10s
  timeout  client 1m
  timeout  server 1m
  timeout  check 10s

frontend www-https
  bind *:443 ssl crt /etc/pki/tls/certs/haproxy.pem
  mode http
  default_backend www-backend
  reqadd X-Forwarded-Proto:\ https if { ssl_fc }
  option forwardfor

backend www-backend
  balance roundrobin
  mode http
  option forwardfor
  option httpchk HEAD / HTTP/1.1\r\nHost:localhost
  server  wp1 192.168.56.67:33 check
  server  wp2 192.168.56.67:34 check
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https

【讨论】:

    猜你喜欢
    • 2014-02-06
    • 2016-11-12
    • 2019-05-14
    • 2012-10-25
    • 1970-01-01
    • 1970-01-01
    • 2020-09-24
    • 2020-02-24
    • 1970-01-01
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode