Wordpress inside docker container behind nginx proxy with ssl
Wordpress inside docker container behind nginx proxy with ssl
我的服务器配置有问题,我不知道我做错了什么。
所以我有一个像这样的 nginx 代理 :
server {
listen *:443 ssl;
ssl_certificate /root/software/keys/mywebsite.keys/mywebsite.crt;
ssl_certificate_key /root/software/keys/mywebsite.keys/mywebsite.key;
server_name www.mywebsite.com mywebsite.com;
access_log /var/log/nginx/mywebsite.access.log;
error_log /var/log/nginx/mywebsite.error.log;
root /srv/new-website;
index index.html index.htm index.php;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8082;
}
}
我的容器正在我的 docker-compose.yml 文件中侦听端口 8082 :
version: '2'
services:
websites:
build:
context: ./dockerfiles/
args:
MYSQL_ROOT_PASSWORD: MyPassword
volumes:
- ./logs:/var/log
- ./html:/var/www
- ./mysql-data:/var/lib/mysql
ports:
- "8082:80"
在我的容器中,我正在安装 nginx,配置如下:
server {
listen *:80;
server_name www.mywebsite.com mywebsite.com;
access_log /var/log/nginx/mywebsite.access.log;
error_log /var/log/nginx/mywebsite.error.log;
root /var/www/mywebsite;
index index.html index.htm index.php;
# WordPress single blog rules.
# Designed to be included in any server {} block.
# Uncomment the code below to use htpasswd authentication
#location ~* (wp-login)\.php$ {
# auth_basic "Administrator Login";
# auth_basic_user_file /full/path/to/.htpasswd;
#}
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\. (ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;
location ~ [^/]\.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我也在 wp-config.php
中配置了我的 wordpress 网站
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_CONTENT', true);
并用正确的 url https://www.mywebsite.com
更改了数据库中的 url
我的问题是,我遇到了 ERR_TOO_MANY_REDIRECTS 问题。代理似乎运行良好,因为我在容器中有一些 nginx 日志:
[20/Mar/2017:10:50:17 +0100] "GET /wp-login.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
感谢大家提供的帮助。
编辑 1:
所以我继续解决我的问题,可能会找到一些答案。问题似乎出在 wordpress 上,而不是在代理配置上。
如果我添加:
define('WP_CACHE', true); // Added by W3 Total Cache
echo 'test';exit();
在 wp-config.php 中,我的网站加载了我正确的证书,并且一切正常。所以我的问题似乎是在 wordpress 上,它在 https 上循环,但我不明白为什么。我会逐步调试的。
您收到的重定向过多,因为您在 443 上收听:
listen *:443 ssl;
并重定向到 443
proxy_set_header X-Forwarded-Proto https;
从您的 nginx.conf 中删除此行:
proxy_set_header X-Forwarded-Proto https;
终于,我找到了解决办法。反向代理运行良好。
问题出在正在等待 $_SERVER['HTTPS'] = 'on' 的 wordpress 配置中。但是当我在我的容器中使用 nginx 时,wordpress 一直在 HTTPS 上重定向网站。
所以我只是在 wp-config.php 的顶部设置 $_SERVER['HTTPS'] = 'on'; 就这样。
希望这有时能有所帮助。
刚刚在设置所有内容时遇到了类似的问题。下面是一个适用于我的示例 YAML 文件。
version: '2'
services:
wordpress:
image: wordpress
ports:
- 8080:80
environment:
WORDPRESS_DB_PASSWORD: MyPassword
VIRTUAL_HOST: example.com # replace with real domain
LETSENCRYPT_HOST: example.com # replace with real domain
LETSENCRYPT_EMAIL: email@email.com # replace with real email
mysql:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD: MyPassword
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/nginx/vhost.d
- /usr/share/nginx/html
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt
volumes:
- /etc/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- nginx-proxy
我的服务器配置有问题,我不知道我做错了什么。
所以我有一个像这样的 nginx 代理 :
server {
listen *:443 ssl;
ssl_certificate /root/software/keys/mywebsite.keys/mywebsite.crt;
ssl_certificate_key /root/software/keys/mywebsite.keys/mywebsite.key;
server_name www.mywebsite.com mywebsite.com;
access_log /var/log/nginx/mywebsite.access.log;
error_log /var/log/nginx/mywebsite.error.log;
root /srv/new-website;
index index.html index.htm index.php;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffers 32 4k;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://127.0.0.1:8082;
}
}
我的容器正在我的 docker-compose.yml 文件中侦听端口 8082 :
version: '2'
services:
websites:
build:
context: ./dockerfiles/
args:
MYSQL_ROOT_PASSWORD: MyPassword
volumes:
- ./logs:/var/log
- ./html:/var/www
- ./mysql-data:/var/lib/mysql
ports:
- "8082:80"
在我的容器中,我正在安装 nginx,配置如下:
server {
listen *:80;
server_name www.mywebsite.com mywebsite.com;
access_log /var/log/nginx/mywebsite.access.log;
error_log /var/log/nginx/mywebsite.error.log;
root /var/www/mywebsite;
index index.html index.htm index.php;
# WordPress single blog rules.
# Designed to be included in any server {} block.
# Uncomment the code below to use htpasswd authentication
#location ~* (wp-login)\.php$ {
# auth_basic "Administrator Login";
# auth_basic_user_file /full/path/to/.htpasswd;
#}
# This order might seem weird - this is attempted to match last if rules below fail.
# http://wiki.nginx.org/HttpCoreModule
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Directives to send expires headers and turn off 404 error logging.
location ~* ^.+\. (ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires max;
}
# Uncomment one of the lines below for the appropriate caching plugin (if used).
#include global/wordpress-wp-super-cache.conf;
#include global/wordpress-w3-total-cache.conf;
location ~ [^/]\.php(/|$) {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
include fcgi.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
我也在 wp-config.php
中配置了我的 wordpress 网站define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_CONTENT', true);
并用正确的 url https://www.mywebsite.com
更改了数据库中的 url我的问题是,我遇到了 ERR_TOO_MANY_REDIRECTS 问题。代理似乎运行良好,因为我在容器中有一些 nginx 日志:
[20/Mar/2017:10:50:17 +0100] "GET /wp-login.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36"
感谢大家提供的帮助。
编辑 1:
所以我继续解决我的问题,可能会找到一些答案。问题似乎出在 wordpress 上,而不是在代理配置上。
如果我添加:
define('WP_CACHE', true); // Added by W3 Total Cache
echo 'test';exit();
在 wp-config.php 中,我的网站加载了我正确的证书,并且一切正常。所以我的问题似乎是在 wordpress 上,它在 https 上循环,但我不明白为什么。我会逐步调试的。
您收到的重定向过多,因为您在 443 上收听:
listen *:443 ssl;
并重定向到 443
proxy_set_header X-Forwarded-Proto https;
从您的 nginx.conf 中删除此行:
proxy_set_header X-Forwarded-Proto https;
终于,我找到了解决办法。反向代理运行良好。
问题出在正在等待 $_SERVER['HTTPS'] = 'on' 的 wordpress 配置中。但是当我在我的容器中使用 nginx 时,wordpress 一直在 HTTPS 上重定向网站。
所以我只是在 wp-config.php 的顶部设置 $_SERVER['HTTPS'] = 'on'; 就这样。
希望这有时能有所帮助。
刚刚在设置所有内容时遇到了类似的问题。下面是一个适用于我的示例 YAML 文件。
version: '2'
services:
wordpress:
image: wordpress
ports:
- 8080:80
environment:
WORDPRESS_DB_PASSWORD: MyPassword
VIRTUAL_HOST: example.com # replace with real domain
LETSENCRYPT_HOST: example.com # replace with real domain
LETSENCRYPT_EMAIL: email@email.com # replace with real email
mysql:
image: mysql:5.7
environment:
MYSQL_ROOT_PASSWORD: MyPassword
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- /etc/certs:/etc/nginx/certs:ro
- /var/run/docker.sock:/tmp/docker.sock:ro
- /etc/nginx/vhost.d
- /usr/share/nginx/html
labels:
com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy: "true"
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
container_name: letsencrypt
volumes:
- /etc/certs:/etc/nginx/certs:rw
- /var/run/docker.sock:/var/run/docker.sock:ro
volumes_from:
- nginx-proxy