0

I have successfully setup a wordpress site running on a dockerized nginx. When the wordpress site is up and running, I can go to the home page: https://my_domain.com or any links or at wp-admin/...(after logged in at /wp-login.php which is accessible) without any problem.

But when I go to https://my_domain.com/sample-page or https://my_domain.com/post-id or /wp-admin(if not logged in) it immediately redirects to the proxy_pass http://wordpress_host:80(set in nginx config file) which cannot be right, it should the https://my_domain.com/post-id in client's browser.

client's browser wrong url

with route /wp-admin/ before logged in, if I append index.php to /wp-admin/index.php it works while without it doesn't

Here is my nginx config:

server {
    listen 80;
    listen [::]:80;
    server_name my_domain.com www.my_domain.com;

    location / {
        return 301 https://my_domain.com$request_uri;
    }
}


server {
    listen 443 ssl http2;
    server_name my_domain.com www.my_domain.com;

    ssl on;
    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/my_domain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/my_domain.com/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;

    ssl_buffer_size 8k;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    # enable strict transport security only if you understand the implications


    location / {
          try_files $uri $uri/ /index.php$is_args$args;

          proxy_pass http://wordpress_host:80; 
          proxy_set_header X-Real-IP $remote_addr; 
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

          proxy_redirect http://wordpress_host:80 https://my_domain.com/;
          proxy_cookie_domain http://wordpress_host:80 my_domain.com;
          proxy_set_header X-Forwarded-Proto https;
    }

    location ~ \.php$ {
          try_files $uri =404;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          proxy_pass http://wordpress_host:80;
          fastcgi_index index.php;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;

          proxy_set_header X-Real-IP $remote_addr; 
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

          proxy_redirect http://wordpress_host:80 https://my_domain.com/;
          proxy_cookie_domain http://wordpress_host:80 my_domain.com;
          proxy_set_header X-Forwarded-Proto https;
    }

    location ~ /\.ht {
          deny all;
    }
        
    location = /favicon.ico { 
          log_not_found off; access_log off; 
    }

    location = /robots.txt { 
          log_not_found off; access_log off; allow all; 
    }

    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
          expires max;
          log_not_found off;
    }
}

I also config at wp-config.php:

define('FORCE_SSL_ADMIN', true); 

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') 
$_SERVER['HTTPS']='on';

define('WP_SITEURL', 'https://www.my_domain.com/');
define('WP_HOME', 'https://www.my_domain.com/');
Kim Mỹ
  • 111
  • 3

1 Answers1

0

You have set your SITEURL with www prefix. This matches only to requests that have the www prefix.

You should do a 301 redirect from my.example.com to www.my.example.com in nginx, so that all requests are routed properly to WordPress.

Tero Kilkanen
  • 36,796
  • 3
  • 41
  • 63