我在服务器配置上遇到问题,我无法弄清楚我做错了什么。
所以我有一个像这样的nginx代理:
server {
listen *:443 ssl;
ssl_certificate /root/software/keys/mywebsite.keys/mywebsite.crt;
ssl_certificate_key /root/software/keys/mywebsite.keys/mywebsite.key;
server_name www.mywebsite.com mywebsite.com;
access_log /var/log/nginx/mywebsite.access.log;
error_log /var/log/nginx/mywebsite.error.log;
root /srv/new-website;
index index.html index.htm index.php;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8082;
}
}
我的容器正在我的docker-compose.yml文件中侦听端口8082:
version: '2'
services:
websites:
build:
context: ./dockerfiles/
args:
MYSQL_ROOT_PASSWORD: MyPassword
volumes:
- ./logs:/var/log
- ./html:/var/www
- ./mysql-data:/var/lib/mysql
ports:
- "8082:80"
在我的容器中,我正在使用以下配置安装nginx:
server {
listen *:80;
server_name www.mywebsite.com mywebsite.com;
access_log /var/log/nginx/mywebsite.access.log;
error_log /var/log/nginx/mywebsite.error.log;
root /var/www/mywebsite;
index index.html index.htm index.php;
# WordPress single blog rules.
# Designed to be included in any server {} block.
# Uncomment the code below to use htpasswd authentication
#location ~* (wp-login)\.php$ {
# auth_basic "Administrator Login";
# auth_basic_user_file /full/path/to/.htpasswd;
#}
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\. (ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;
location ~ [^/]\.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我在wp-config.php
中配置了我的woordpress网站define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_CONTENT', true);
使用正确的网址https://www.mywebsite.com
更改数据库中的网址我的问题是,我遇到了ERR_TOO_MANY_REDIRECTS问题。代理似乎运行良好,因为我在容器中有一些nginx日志:
[20/Mar/2017:10:50:17 +0100] "GET /wp-login.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
感谢所有人提供的帮助。
编辑1:
所以我继续我的问题,可能会找到一些答案。问题似乎是在wordpress上,而不是在代理配置上。
如果我添加:
define('WP_CACHE', true); // Added by W3 Total Cache
echo 'test';exit();
在wp-config.php中,我的网站加载了我的正确证书,并且eveything运行良好。所以我的问题似乎是在wordpress上,这是在https上循环,但我无法弄清楚为什么。我将尝试逐步调试。
答案 0 :(得分:7)
最后,我找到了解决方案。反向代理运行良好。
问题出在wordpress配置中,等待$_SERVER['HTTPS'] = 'on'
。但是当我在容器中处理nginx时,wordpress会继续在HTTPS上重定向网站。
所以我只需将$_SERVER['HTTPS'] = 'on';
设置在wp-config.php的顶部即可。
希望这有时会有所帮助。
答案 1 :(得分:0)
你正在收听太多的重定向,因为你正在听443:
listen *:443 ssl;
并重定向到443
proxy_set_header X-Forwarded-Proto https;
从你的nginx.conf中删除这一行:
proxy_set_header X-Forwarded-Proto https;
答案 2 :(得分:0)
刚刚遇到了类似的问题。下面是一个适合我的YAML文件示例。
version: '2'
services:
wordpress:
image: wordpress
ports:
- 8080:80
environment:
WORDPRESS_DB_PASSWORD: MyPassword
VIRTUAL_HOST: example.com # replace with real domain
LETSENCRYPT_HOST: example.com # replace with real domain
LETSENCRYPT_EMAIL: email@email.com # replace with real email
mysql:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD: MyPassword
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/nginx/vhost.d
- /usr/share/nginx/html
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt
volumes:
- /etc/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- nginx-proxy