I have a WordPress site running in Docker behind nginx with HTTPS (Letsencrypt), but I am having trouble with some essential scripts that won't load because the browser claims they are unauthenticated. I also see the dreaded 'Skip to content' link on the homepage. I set things up with jwilder/nginx-proxy and the letsencrypt companion. All my site data is loaded from a MySQL dump, and my initial assumption was that I had to change all the http://example.org entries in the dump file to https://example.org. However I was getting a 301 redirect with that ('too many redirects' error in the browser), so I changed all the links back to http. Now the site loads, but with the unathenticated error (if I accept the unauthenticated links the site loads, of course).
I have seen several solutions to this, or what I think might be solutions, which all seem to involve adding entries to .htaccess and/or wp-config.php. Indeed adding the following to my wp-config.php seems to solve the 'Skip to content' issue:
/** SSL */
define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
However some pages are still complaining about unauthenticated content, and that the site is not fully secure... Not sure what else to do. Do I need to modify .htaccess too?
