使用ssl

时间:2017-03-20 10:19:36

标签: wordpress nginx docker https reverse-proxy

我在服务器配置上遇到问题,我无法弄清楚我做错了什么。

所以我有一个像这样的nginx代理:

server {
    listen *:443 ssl;
    ssl_certificate /root/software/keys/mywebsite.keys/mywebsite.crt;
    ssl_certificate_key /root/software/keys/mywebsite.keys/mywebsite.key;

    server_name www.mywebsite.com mywebsite.com;

    access_log /var/log/nginx/mywebsite.access.log;
    error_log /var/log/nginx/mywebsite.error.log;

    root /srv/new-website;
    index index.html index.htm index.php;

    location  / {
        proxy_redirect          off;
        proxy_set_header        Host            $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        client_body_buffer_size 128k;
        proxy_connect_timeout   90;
        proxy_send_timeout      90;
        proxy_read_timeout      90;
        proxy_buffers           32 4k;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://127.0.0.1:8082;
    }
}

我的容器正在我的docker-compose.yml文件中侦听端口8082:

version: '2'

services:
    websites:
        build: 
            context: ./dockerfiles/                                        
            args:                                                                      
                MYSQL_ROOT_PASSWORD: MyPassword
        volumes:
            - ./logs:/var/log
            - ./html:/var/www
            - ./mysql-data:/var/lib/mysql
        ports:
            - "8082:80"

在我的容器中,我正在使用以下配置安装nginx:

server {
    listen *:80;

    server_name www.mywebsite.com mywebsite.com;

    access_log /var/log/nginx/mywebsite.access.log;
    error_log /var/log/nginx/mywebsite.error.log;

    root /var/www/mywebsite;
    index index.html index.htm index.php;

    # WordPress single blog rules.
    # Designed to be included in any server {} block.

    # Uncomment the code below to use htpasswd authentication
    #location ~* (wp-login)\.php$ {
    #    auth_basic            "Administrator Login";
    #    auth_basic_user_file  /full/path/to/.htpasswd;
    #}

    # This order might seem weird - this is attempted to match last if rules below fail.
    # http://wiki.nginx.org/HttpCoreModule
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Add trailing slash to */wp-admin requests.
    rewrite /wp-admin$ $scheme://$host$uri/ permanent;

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.    (ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
       access_log off; log_not_found off; expires max;
    }

    # Uncomment one of the lines below for the appropriate caching plugin (if used).
    #include global/wordpress-wp-super-cache.conf;
    #include global/wordpress-w3-total-cache.conf;

    location ~ [^/]\.php(/|$) {

        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        fastcgi_index index.php;
        include fcgi.conf;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}

我在wp-config.php

中配置了我的woordpress网站
define('FORCE_SSL_ADMIN',   true);
define('FORCE_SSL_LOGIN',   true);
define('FORCE_SSL_CONTENT', true);

使用正确的网址https://www.mywebsite.com

更改数据库中的网址

我的问题是,我遇到了ERR_TOO_MANY_REDIRECTS问题。代理似乎运行良好,因为我在容器中有一些nginx日志:

[20/Mar/2017:10:50:17 +0100] "GET /wp-login.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"

感谢所有人提供的帮助。

编辑1:

所以我继续我的问题,可能会找到一些答案。问题似乎是在wordpress上,而不是在代理配置上。

如果我添加:

define('WP_CACHE', true); // Added by W3 Total Cache
echo 'test';exit();

在wp-config.php中,我的网站加载了我的正确证书,并且eveything运行良好。所以我的问题似乎是在wordpress上,这是在https上循环,但我无法弄清楚为什么。我将尝试逐步调试。

3 个答案:

答案 0 :(得分:7)

最后,我找到了解决方案。反向代理运行良好。 问题出在wordpress配置中,等待$_SERVER['HTTPS'] = 'on'。但是当我在容器中处理nginx时,wordpress会继续在HTTPS上重定向网站。

所以我只需将$_SERVER['HTTPS'] = 'on';设置在wp-config.php的顶部即可。

希望这有时会有所帮助。

答案 1 :(得分:0)

你正在收听太多的重定向,因为你正在听443:

listen *:443 ssl;

并重定向到443

proxy_set_header X-Forwarded-Proto https;

从你的nginx.conf中删除这一行:

proxy_set_header X-Forwarded-Proto https; 

答案 2 :(得分:0)

刚刚遇到了类似的问题。下面是一个适合我的YAML文件示例。

version: '2'

services:

  wordpress:
    image: wordpress
    ports:
      - 8080:80
    environment:
      WORDPRESS_DB_PASSWORD: MyPassword
      VIRTUAL_HOST: example.com # replace with real domain
      LETSENCRYPT_HOST: example.com # replace with real domain
      LETSENCRYPT_EMAIL: email@email.com # replace with real email

  mysql:
    image: mysql:5.7
    environment:
      MYSQL_ROOT_PASSWORD: MyPassword

  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - /etc/nginx/vhost.d
      - /usr/share/nginx/html
    labels:
      com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    container_name: letsencrypt
    volumes:
      - /etc/certs:/etc/nginx/certs:rw
      - /var/run/docker.sock:/var/run/docker.sock:ro
    volumes_from:
      - nginx-proxy