Nginx reverse proxy to apache won't allow query strings in Wordpress admin

Question

I'm running Wordpress on a DigitalOcean droplet, it was working fine with an apache server but I put it behind an Nginx reverse proxy to serve static files better. The front-end website works but I'm having problems with the wp-admin area.

I can access the main wp-admin section without issue, (domain.com/wp-admin) and also any .php page (e.g. /wp-admin/upload.php) however anytime I need to list something by post-type e.g.

/wp-admin/post-new.php?post_type=page

or

/wp-admin/edit.php?post_type=product

I get "post type not valid".

I'm assuming it's the nginx configuration, this is I think the only .conf file I edited at all when setting up nginx (it's in /etc/nginx/sites-available)

server {
listen 80;
listen 443;
server_name domain.com www.domain.com;
root /var/www/html;
index index.php index.htm index.html;

ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

location / {
    try_files $uri $uri/ /index.php?$request_uri$query_string$is_args$args;
}

location ~ \.php$ {
    proxy_pass http://ipaddress:85$request_uri$query_string$is_args$args;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

location ~ /\. {
    deny all;
}
}

Could anyone help me find out what's going on here? Or at least where to look to debug this.

Edit: found this in my apache access log:

10.15.0.2 - - [07/Dec/2017:17:15:05 +0000] "GET /wp-admin/edit.php?post_type=page?post_type=page HTTP/1.0" 500 3814 "www.domain.net/wp-admin/post.php?post=2&action=edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"

score 1 · Accepted Answer · answered Dec 07 '17 at 18:17

I found the issue, it was a silly issue:

location ~ \.php$ {
    proxy_pass http://ipaddress:port$request_uri;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

instead of

location ~ \.php$ {
proxy_pass http://ipaddress:85$request_uri$query_string$is_args$args;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

}

The $is_args$args was leading to duplicated query strings

Slavisa · Answer 2 · 2017-12-07T18:01:38.233

Check your nginx error log usually in /var/log/nginx/error.log. Failed POST requests can be caused by nginx being unable to write temp files.

Also, try config like this:

server {
listen 80;
server_name _;
root /var/www/html;
index index.php index.html index.htm;

error_log /var/log/nginx/error.log;
location / {
# Send requests to backend Apache
proxy_pass http://ipaddress:port;
# Send appropriate headers to the backend
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
proxy_set_header Proxy "";

# Hide uneeded headers from the backend
proxy_hide_header X-Powered-By;
proxy_hide_header X-Pingback;
proxy_hide_header X-Link;

# Ignore following headers
proxy_ignore_headers X-Accel-Expires;
proxy_ignore_headers Cache-Control;
proxy_ignore_headers Expires;
proxy_ignore_headers Set-Cookie;

# Set files larger than 1M to stream rather than cache
proxy_max_temp_file_size 1M;
}
# Enable browser caching for image files
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 15d;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
# this prevents hidden files (beginning with a period) from being served, and
# Disable access to the wp-config | readme files
location ~ /(\.|wp-config.php|readme.html|licence.txt|readme.txt) { return 404; }
# Disable access to PHP files inside uploads/ directory
location ~* /uploads/.*\.php$ { deny all; }
location ~* (wp-includes|includes)$ { deny all; }
# Disable direct access to cache directory
location /wp-content/cache/ { deny all; }
}

This doesn't separate my static and dynamic content though, I'd probably have to modify something to serve files without apache — Taha Attari, Dec 07 '17 at 18:15
I don't see a try_files which I think is necessary for Wordpress — Tim, Dec 07 '17 at 18:15

Nginx reverse proxy to apache won't allow query strings in Wordpress admin

2 Answers2