admin管理员组文章数量:1125621
I am installing wordpress 6.2 and this is my install screen
as you can see there is something wrong, then I realised what it is
when you look at the source wordpress is (correctly) working out the server is only http: which technically it is, but this is just a LAN server 192.168.0.10 behind a gateway 192.168.0.1. In reality this gateway machine handles the ssl and certs and forwards it to port 80 via nginx reverse proxy.
This means that the worpdress site "thinks" it's internal references are all on on http: but actually the links will NOT work unless they are https: because the gateway won't forward them
How do I fx it so that the source says
<link rel='stylesheet' id='buttons-css' href='.min.css?ver=6.2' type='text/css' media='all' />
<link rel='stylesheet' id='forms-css' href='.min.css?ver=6.2' type='text/css' media='all' />
<link rel='stylesheet' id='l10n-css' href='.min.css?ver=6.2' type='text/css' media='all' />
<link rel='stylesheet' id='install-css' href='.min.css?ver=6.2' type='text/css' media='all' />
PS: I have tried adding
define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false ) {
$_SERVER['HTTPS'] = 'on';
}
towards the bottom of wp-config.php but it's having none of it
I am installing wordpress 6.2 and this is my install screen
as you can see there is something wrong, then I realised what it is
when you look at the source wordpress is (correctly) working out the server is only http: which technically it is, but this is just a LAN server 192.168.0.10 behind a gateway 192.168.0.1. In reality this gateway machine handles the ssl and certs and forwards it to port 80 via nginx reverse proxy.
This means that the worpdress site "thinks" it's internal references are all on on http: but actually the links will NOT work unless they are https: because the gateway won't forward them
How do I fx it so that the source says
<link rel='stylesheet' id='buttons-css' href='https://SOMEMADEUPDOMAIN.com/wp-includes/css/buttons.min.css?ver=6.2' type='text/css' media='all' />
<link rel='stylesheet' id='forms-css' href='https://SOMEMADEUPDOMAIN.com/wp-admin/css/forms.min.css?ver=6.2' type='text/css' media='all' />
<link rel='stylesheet' id='l10n-css' href='https://SOMEMADEUPDOMAIN.com/wp-admin/css/l10n.min.css?ver=6.2' type='text/css' media='all' />
<link rel='stylesheet' id='install-css' href='https://SOMEMADEUPDOMAIN.com/wp-admin/css/install.min.css?ver=6.2' type='text/css' media='all' />
PS: I have tried adding
define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false ) {
$_SERVER['HTTPS'] = 'on';
}
towards the bottom of wp-config.php but it's having none of it
2 Answers
Reset to default 1You need to let wordpress know, it was accessed via https using the X-Forwarded-Proto http header.
I have the following in my nginx (=proxy) config
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
I have a fix, I am not happy with it but it works:
I added define('FORCE_SSL_ADMIN', true); to wp-config.php
Then I changed this method is_ssl() in /wp-includes/load.php to this. I think to avoid this bug, the define('FORCE_SSL_ADMIN', true); check should have be used by the developers.
I added the line if( defined( FORCE_SSL_ADMIN ) ) return FORCE_SSL_ADMIN;
/**
* Determines if SSL is used.
*
* @since 2.6.0
* @since 4.6.0 Moved from functions.php to load.php.
*
* @return bool True if SSL, otherwise false.
*/
function is_ssl() {
if( defined( FORCE_SSL_ADMIN ) ) return FORCE_SSL_ADMIN;
if ( isset( $_SERVER['HTTPS'] ) ) {
if ( 'on' === strtolower( $_SERVER['HTTPS'] ) ) {
return true;
}
if ( '1' == $_SERVER['HTTPS'] ) {
return true;
}
} elseif ( isset( $_SERVER['SERVER_PORT'] ) && ( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
PS: I think it is a bug because the code does not operate under a principle know as single source of truth
本文标签:
版权声明:本文标题:ssl - wordpress is auto using http: not https: as it needs to because the server is http behind a reverse proxy https, how do I 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1736657881a1946302.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。
FORCE_SSL_ADMINis for admin, but your screenshot shows an installer page – Tom J Nowell ♦ Commented May 4, 2023 at 16:09homeandsiteurlset to in your database's{$prefix}optionstable? If they're set tohttp://example.com, change them tohttps://example.com. – Pat J Commented May 4, 2023 at 16:11HTTP_X_FORWARDED_PROTObut have you confirmed that it is indeed present and set? How is your proxy implemented? Doing this is possible without modifying WP core – Tom J Nowell ♦ Commented May 4, 2023 at 17:31