Apache-2.2

Nginx - Apache 的子域,WP 的索引

  • June 1, 2016

我正在嘗試在我們現有的設置上部署我們的新 Wordpress(在 Docker 中使用 Apache2)單頁瀏覽器。

在 LB 正下方,我們有一個 Nginx 伺服器,它終止 SSL 並通過 Haproxy 將純 HTTP 請求代理到 Apache2 後端。

該設置一切正常。

然而,現在我們通過 Haproxy 將所有子域以及 /login 頁面路由到舊應用程序,就像以前一樣,並將其他所有內容髮送到我們的 Wordpress 伺服器(也通過反向代理到它自己的 Apache2)。目標是只讓我們的 Wordpress 容器提供首頁和 WP 資源,並從所有子域 + 其 /login 頁面提供舊應用程序。

子域路由工作正常,我們正在訪問應用程序。問題在於 Wordpress 頁面通過 HTTP 部分載入內容(因此顯示混合內容),並且我們無法訪問它的 /wp-admin 頁面(進入無限循環)。

這是配置:

   add_header X-Frame-Options SAMEORIGIN;
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";
   add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net; img-src 'self' https://ssl.google-analytics.com https://s-static.ak.facebook.com https://assets.zendesk.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://assets.zendesk.com; font-src 'self' https://themes.googleusercontent.com; frame-src https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src 'none'";

   server {
           listen   80; 
           listen   [::]:80;
           server_name website.info www.website.info;

           location / {
           return 301 https://$server_name$request_uri;
           }
       }

   server {
           listen 443 ssl spdy;
           listen [::]:443 ssl;

           server_name website.info www.website.info;

           root /var/www/htdocs/;

           ssl_certificate /usr/local/ssl.crt;
           ssl_certificate_key /usr/local/website.com.key;

           ssl_session_cache shared:SSL:50m;
           ssl_session_timeout 5m;

           ssl_dhparam /usr/local/dhparam.pem;
           ssl_prefer_server_ciphers on;
           ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
           ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
           ssl_buffer_size           8k;

           ssl_stapling on;
           ssl_stapling_verify on;
           ssl_trusted_certificate /usr/local/ssl.crt;

           resolver 8.8.4.4 8.8.8.8 valid=300s;
           resolver_timeout 10s;

           add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";


           location / {
           index index.php

           client_max_body_size    10m;
           client_body_buffer_size 128k;

           proxy_send_timeout   90s;
           proxy_read_timeout   90s;
           proxy_buffer_size    128k;
           proxy_buffers     4 256k;
           proxy_busy_buffers_size 256k;
           proxy_temp_file_write_size 256k;
           proxy_connect_timeout 75s;

           proxy_redirect  off;

           proxy_pass   http://172.16.11.11/;

           proxy_set_header   Host   $host;
           proxy_set_header   X-Real-IP  $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $remote_addr;
           proxy_set_header X-Forwarded-Protocol $scheme;
           proxy_pass_header Server;
           }

           location /login {

           client_max_body_size    10m;
           client_body_buffer_size 128k;

           proxy_send_timeout   90s;
           proxy_read_timeout   90s;
           proxy_buffer_size    128k;
           proxy_buffers     4 256k;
           proxy_busy_buffers_size 256k;
           proxy_temp_file_write_size 256k;
           proxy_connect_timeout 75s;

           proxy_redirect  off;

           proxy_pass   http://127.0.0.1:3214/;

           proxy_set_header   Host   $host;
           proxy_set_header   X-Real-IP  $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $remote_addr;
           proxy_set_header X-Forwarded-Protocol $scheme;
           proxy_pass_header Server;
           }    

           location /wp-admin/ {

           client_max_body_size    10m;
           client_body_buffer_size 128k;

           proxy_send_timeout   90s;
           proxy_read_timeout   90s;
           proxy_buffer_size    128k;
           proxy_buffers     4 256k;
           proxy_busy_buffers_size 256k;
           proxy_temp_file_write_size 256k;
           proxy_connect_timeout 75s;

           proxy_redirect  off;

           proxy_pass   http://172.16.11.11/;

           proxy_set_header   Host   $host;
           proxy_set_header   X-Real-IP  $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $remote_addr;
           proxy_set_header X-Forwarded-Protocol $scheme;
           proxy_pass_header Server;
           }

           }

   server {
           listen 443 default ssl spdy;
           listen [::]:443 ssl;
           server_name *.website.info;

           root /var/www/htdocs;

           ssl_certificate /usr/local/chain1.pem;
           ssl_certificate_key /usr/local/key1.pem;


           ssl_session_cache shared:SSL:50m;
           ssl_session_timeout 5m;

           ssl_dhparam /usr/local/dhparam.pem;

           ssl_prefer_server_ciphers on;
           ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

           ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
           ssl_buffer_size           8k;

           ssl_stapling on;
           ssl_stapling_verify on;
           ssl_trusted_certificate /usr/local/sslcert/ssl-unified.crt;

           resolver 8.8.4.4 8.8.8.8 valid=300s;
           resolver_timeout 10s;

           add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";


           location /public/ {
           expires max;
           add_header Pragma public;
           add_header Cache-Control "public";
           }

           location / {
           index index.php

           client_max_body_size    10m;
           client_body_buffer_size 128k;

           proxy_send_timeout   90s;
           proxy_read_timeout   90s;
           proxy_buffer_size    128k;
           proxy_buffers     4 256k;
           proxy_busy_buffers_size 256k;
           proxy_temp_file_write_size 256k;
           proxy_connect_timeout 75s;

           proxy_redirect  off;

           proxy_pass   http://127.0.0.1:3214/;

           proxy_set_header   Host   $host;
           proxy_set_header   X-Real-IP  $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $remote_addr;
           proxy_set_header X-Forwarded-Protocol $scheme;
           proxy_pass_header Server;
           }    

            location ~ /\.ht {
                   deny all;
           }
   }

在這一點上,我認為我遺漏了一些微不足道的東西,並且希望能對這個問題另眼相看。

通過調整 WP 選項數據庫表中的站點 URL 解決。

“siteurl”配置為https://site.info

“家”設置為http://172.16.11.11

瞧!

您似乎正在發送//wp-admin/http://172.16.11.11/.

如果你想發送/http://172.16.11.11/

/wp-admin/_http://172.16.11.11/wp-admin/

你需要調整你的proxy_pass指令。和的尾隨/將導致重寫 URI。有關詳細資訊,請參閱此文件location``proxy_pass``nginx

對於 WordPress 實例,我建議您需要一個透明的反向代理,在這種情況下:

proxy_pass   http://172.16.11.11;

location兩個塊都足夠了。

引用自:https://serverfault.com/questions/778778