yzT yzT - 1 month ago 29
Apache Configuration Question

Nginx proxy, WP on Apache. Redirect 302 on wp-login.pphp

I'm using nginx to proxy traffic to Docker containers, but I'm having problems with a container running WordPress over Apache.

Blog works fine, I see posts, pictures... But I can't access the admin page because the redirection to wp-login.php is returning a 302 and never is done, so after some tries the browser throws an error about too many redirects.

Proxy config:

server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;

# HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;


location /newWeb {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path / "/; secure; HttpOnly";
}
location /blog {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_cookie_path / "/; secure; HttpOnly";
}
}

server {
listen 80;
location /.well-known {
alias /usr/local/etc/letsencrypt-webroot/.well-known;
}
return 301 https://$host$request_uri;
}


Notice that I'm not looking for the
try_files
directive to prevent the loop, I'm trying to find the solution to successfully redirect to wp-login.php.

UPDATE:

This is from the Docker host. 8080 is the port I'm forwarding to Apache's 80.

wget http://127.0.0.1:8080/blog/wp-login.php
--2016-10-25 11:35:34-- http://127.0.0.1:8080/blog/wp-login.php
Connecting to 127.0.0.1:8080... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://127.0.0.1:8080/blog/wp-login.php [following]
--2016-10-25 11:35:35-- https://127.0.0.1:8080/blog/wp-login.php
Connecting to 127.0.0.1:8080... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.


I understand the error is because Apache is not listening on HTTPS, just HTTP. Which leads me to two questions:


  • How the hell can I have SSL offloading with Nginx and Apache? In theory, Apache doesn't need to expect HTTPS.

  • In the
    wget
    example, why is it being redirected to HTTPS? It's not going through nginx, but directly to the Apache container, and VirtualHost is just the simple:

    <VirtualHost *:80>
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>


    There is no
    .htaccess
    either


yzT yzT
Answer

I found the answer in this question http://wordpress.stackexchange.com/questions/170165/wordpress-wp-admin-https-redirect-loop

I was missing $_SERVER['HTTPS'] = 'on'. I don't know why it isn't commented in the wp-config.php...