HTTPS reverse proxy redirect loop

  • Resolved SerializingMe

    (@serializingme)


    9 years, 11 months ago

    Hi,

    I have tried everything I have found on the support forums and around the Internet but to no avail (running WordPress 4.1.1). Follows a description of the configuration. I can only access the HTTPS reverse proxied WordPress installation if in “wp-config.php”, I set the $_SERVER[‘HTTP_HOST’] variable to NULL (see bellow).

    1. WordPress
    1.1. Site URL: https://www.external.domain (configuration in database)
    1.2. Home: https://www.external.domain (configuration in database)
    1.3. Reverse proxy related code in “config-wp.php”
    if (!empty($_SERVER[‘HTTP_X_FORWARDED_HOST’])) {
    //$_SERVER[‘HTTP_HOST’] = NULL;
    $_SERVER[‘HTTP_HOST’] = $_SERVER[‘HTTP_X_FORWARDED_HOST’];
    }

    // Need to add IPv6 support
    if (!empty($_SERVER[‘HTTP_X_REAL_IP’]) && preg_match( ‘/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/’, $_SERVER[‘HTTP_X_REAL_IP’])) {
    $_SERVER[‘REMOTE_ADDR’] = $_SERVER[‘HTTP_X_REAL_IP’];
    }

    if (!empty($_SERVER[‘HTTP_X_FORWARDED_PROTO’]) && $_SERVER[‘HTTP_X_FORWARDED_PROTO’] === ‘https’) {
    $_SERVER[‘HTTPS’] = ‘on’;
    }

    2. NGINX
    2.1. Frontend HTTPS termination configuration
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass https://www.internal.domain;

    2.2. Backend HTTP configuration
    try_files $uri =404;
    fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;

    3. Example communication from reverse proxy to backend
    3.1. Request
    GET /index.php HTTP/1.0
    X-Real-IP: xxx.xxx.xxx.xxx
    X-Forwarded-Host: https://www.external.domain
    X-Forwarded-For: xxx.xxx.xxx.xxx
    X-Forwarded-Proto: https
    Host: https://www.internal.domain
    Connection: close
    User-Agent: (…)
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Language: en-gb,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cookie: (…)

    3.2. Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx
    Date: Thu, 16 Apr 2015 10:44:58 GMT
    Content-Type: text/html; charset=UTF-8
    Connection: close
    X-Pingback: https://www.external.domain/xmlrpc.php
    Expires: Wed, 11 Jan 1984 05:00:00 GMT
    Cache-Control: no-cache, must-revalidate, max-age=0
    Pragma: no-cache
    Location: https://www.external.domain/

    What the hell am I doing wrong or have I missed??

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter SerializingMe

    (@serializingme)

    Anyone?

    Thread Starter SerializingMe

    (@serializingme)

    No longer happens.

    How did you fix it?

    Thread Starter SerializingMe

    (@serializingme)

    Here it goes the configuration that I’m currently using with the latest version (4.2.4, tweaked it since my last post).

    1. WordPress
    1.1. Site URL: https://www.external.domain (configuration in database)
    1.2. Home: https://www.external.domain (configuration in database)
    1.3. Reverse proxy related code in “config-wp.php”

    if (!empty($_SERVER['HTTP_X_FORWARDED_HOST'])) {
        $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
}

if (!empty($_SERVER['HTTP_X_REAL_IP']) && (filter_var($_SERVER['HTTP_X_REAL_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== FALSE || filter_var($_SERVER['HTTP_X_REAL_IP'], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== FALSE)) {
        $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];
}

if (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
        $_SERVER['HTTPS'] = 'on';
}

    2. NGINX
    2.1. Frontend HTTPS termination configuration

    # Proxy pass requests to the internal server
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://www.internal.domain;

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘HTTPS reverse proxy redirect loop’ is closed to new replies.