Nginx - Apache 的子域,WP 的索引
我正在嘗試在我們現有的設置上部署我們的新 Wordpress(在 Docker 中使用 Apache2)單頁瀏覽器。
在 LB 正下方,我們有一個 Nginx 伺服器,它終止 SSL 並通過 Haproxy 將純 HTTP 請求代理到 Apache2 後端。
該設置一切正常。
然而,現在我們通過 Haproxy 將所有子域以及 /login 頁面路由到舊應用程序,就像以前一樣,並將其他所有內容髮送到我們的 Wordpress 伺服器(也通過反向代理到它自己的 Apache2)。目標是只讓我們的 Wordpress 容器提供首頁和 WP 資源,並從所有子域 + 其 /login 頁面提供舊應用程序。
子域路由工作正常,我們正在訪問應用程序。問題在於 Wordpress 頁面通過 HTTP 部分載入內容(因此顯示混合內容),並且我們無法訪問它的 /wp-admin 頁面(進入無限循環)。
這是配置:
add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'"; server { listen 80; listen [::]:80; server_name website.info www.website.info; location / { return 301 https://$server_name$request_uri; } } server { listen 443 ssl spdy; listen [::]:443 ssl; server_name website.info www.website.info; root /var/www/htdocs/; ssl_certificate /usr/local/ssl.crt; ssl_certificate_key /usr/local/website.com.key; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; ssl_dhparam /usr/local/dhparam.pem; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_buffer_size 8k; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/ssl.crt; resolver 8.8.4.4 8.8.8.8 valid=300s; resolver_timeout 10s; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; location / { index index.php client_max_body_size 10m; client_body_buffer_size 128k; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 75s; proxy_redirect off; proxy_pass http://172.16.11.11/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_pass_header Server; } location /login { client_max_body_size 10m; client_body_buffer_size 128k; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 75s; proxy_redirect off; proxy_pass http://127.0.0.1:3214/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_pass_header Server; } location /wp-admin/ { client_max_body_size 10m; client_body_buffer_size 128k; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 75s; proxy_redirect off; proxy_pass http://172.16.11.11/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_pass_header Server; } } server { listen 443 default ssl spdy; listen [::]:443 ssl; server_name *.website.info; root /var/www/htdocs; ssl_certificate /usr/local/chain1.pem; ssl_certificate_key /usr/local/key1.pem; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; ssl_dhparam /usr/local/dhparam.pem; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_buffer_size 8k; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /usr/local/sslcert/ssl-unified.crt; resolver 8.8.4.4 8.8.8.8 valid=300s; resolver_timeout 10s; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; location /public/ { expires max; add_header Pragma public; add_header Cache-Control "public"; } location / { index index.php client_max_body_size 10m; client_body_buffer_size 128k; proxy_send_timeout 90s; proxy_read_timeout 90s; proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; proxy_temp_file_write_size 256k; proxy_connect_timeout 75s; proxy_redirect off; proxy_pass http://127.0.0.1:3214/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $remote_addr; proxy_set_header X-Forwarded-Protocol $scheme; proxy_pass_header Server; } location ~ /\.ht { deny all; } }
在這一點上,我認為我遺漏了一些微不足道的東西,並且希望能對這個問題另眼相看。
通過調整 WP 選項數據庫表中的站點 URL 解決。
“siteurl”配置為https://site.info
“家”設置為http://172.16.11.11
瞧!
您似乎正在發送
/
和/wp-admin/
到http://172.16.11.11/
.如果你想發送
/
到http://172.16.11.11/
並
/wp-admin/
_http://172.16.11.11/wp-admin/
你需要調整你的
proxy_pass
指令。和的尾隨/
將導致重寫 URI。有關詳細資訊,請參閱此文件。location``proxy_pass``nginx
對於 WordPress 實例,我建議您需要一個透明的反向代理,在這種情況下:
proxy_pass http://172.16.11.11;
location
兩個塊都足夠了。