Problem with WordPress behind Reverse Proxy

  • Things almost work – but not quite!

    We are trying to run WordPress 5.3.2 behind a Reverse Proxy (hosted on Citrix Netscaler VPX appliances). We are wanting to do SSL offload – i.e. internally we are talking only to a RHEL server on Port 80.

    We are doing a multisite installation and the canonical (internal) name is https://sites.massey.ac.nz, whereas the virtualised / Rev Proxy address is:

    https://www.massey.ac.nz/sites2/

    This is the block of code that I have added to the top of our wp-config.php

    if ($_SERVER['HTTP_CS_VS'] == 'cs-vs-ssl-proxy') { 
  /* Request is from Rev Proxy */
  $_SERVER['HTTP_X_FORWARDED_HOST'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
  $_SERVER['HTTP_X_FORWARDED_SERVER'] = $_SERVER['HTTP_X_FORWARDED_FOR'];
  define('WP_HOME', 'https://www.massey.ac.nz/sites2');
  define('WP_SITEURL', 'https://www.massey.ac.nz/sites2');
  $_SERVER['REQUEST_URI'] = str_replace("wordpress", "sites2", $_SERVER['REQUEST_URI']);
}

    I would expect this to rewrite ALL URLs and almost all of the URLs are. But the problem is some resources are still coming through with the canonical (i.e. https://sites.massey.ac.nz URL – particularly some key components of WordPress. For example, in my Safari developer console:

    [blocked] The page at https://www.massey.ac.nz/sites2/ was not allowed to run insecure content from https://sites.massey.ac.nz/wp-includes/js/wp-emoji-release.min.js?ver=5.3.2.

    I’m not sure how to go about troubleshooting this. Could someone please help.

    Here is a screenshot showing the problem. Please note the red box highlighted in the Safari Developer console:

    https://ibb.co/mh82ThZ

    Thanks in Advance,

    Patrick

    • This topic was modified 5 years, 1 month ago by prynhart.
    • This topic was modified 5 years, 1 month ago by prynhart.
    • This topic was modified 5 years, 1 month ago by prynhart.

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)

  • I’d get the WordPress fixed first, probably the best fix would be to get a cert for the origin box and rename the origin to its real name (public name) via domain mapping… a lot less trouble.

    Now bring your proxy back.

    I’d check that the siteurl and home in the wp_options have “https” instead of “http”.

    Also, I have a hack, probably not wise, in a short mu-plugin, that just gets rid of the scheme entirely, because that’s how it’s done nowadays:

    function jk_force_relative( $url, $scheme, $orig_scheme ) {
    if ($scheme == 'http') {
        $url = str_replace( 'https://', '//', $url );
    }
    return $url;
}

// Now we set that function up to execute when the admin_notices action is called.
add_filter( 'set_url_scheme', 'jk_force_relative', 10, 3 );
    • This reply was modified 4 years, 8 months ago by johnkawakami.
    • This reply was modified 4 years, 8 months ago by johnkawakami.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Problem with WordPress behind Reverse Proxy’ is closed to new replies.