Hi Simone, are you sure - On Mon, Jun 27, 2016 at 3:27 PM, Simone Bordet <[email protected]> wrote:
> On Sun, Jun 26, 2016 at 8:06 PM, Alexander Farber > <[email protected]> wrote: > > My only problem is that with Apache I had the following wp-config.php > > > > if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) > > $_SERVER['HTTPS'] = 'on'; // works with Apache, but not Jetty > > > > if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', > $_SERVER['HTTP_X_FORWARDED_FOR'])) > > $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR']; > > This special code I presume you added in wp-config.php is not needed with > Jetty. > Jetty already does this logic in FastCGIProxyServlet, namely: > > * if the client request came in with an "https" scheme, then "HTTPS=on" > * client request's remote address and port are set to "REMOTE_ADDR" > and "REMOTE_PORT" respectively. > > > And in my /etc/haproxy/haproxy.cfg I set these 2 variables: > > You don't need them. > > I try to follow your directions and have now the following /ect/haproxy/haproxy.cfg: frontend public bind 144.76.184.151:80 bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem default_backend jetty backend jetty server domain 127.0.0.1:8888 And in wp-config.php I remove my custom $_SERVER modifying code and just print it with error_log(print_r($_SERVER, TRUE)); Then when visiting https://slova.de I see in /var/log/php-fpm/www-error.log [27-Jun-2016 13:48:25 UTC] Array ( [USER] => apache [HOME] => /usr/share/httpd [FCGI_ROLE] => RESPONDER [DOCUMENT_URI] => /index.php [QUERY_STRING] => [CONTENT_LENGTH] => [CONTENT_TYPE] => [REQUEST_METHOD] => GET [SERVER_PROTOCOL] => HTTP/1.1 [GATEWAY_INTERFACE] => CGI/1.1 [SERVER_SOFTWARE] => Jetty/9.3.10.v20160621 [HTTP_COOKIE] => slova_users=XXXXXXXXXXXXX [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 [HTTP_CACHE_CONTROL] => max-age=0 [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0 [HTTP_X_FORWARDED_FOR] => 127.0.0.1 [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,de-DE;q=0.5,de;q=0.3 [HTTP_ACCEPT_ENCODING] => gzip, deflate [HTTP_DNT] => 1 [HTTP_VIA] => http/1.1 www [HTTP_X_FORWARDED_PROTO] => http [HTTP_X_FORWARDED_HOST] => slova.de [HTTP_X_FORWARDED_SERVER] => 127.0.0.1 [HTTP_HOST] => slova.de [DOCUMENT_ROOT] => /var/www/html/slova.de [REMOTE_ADDR] => 127.0.0.1 [REMOTE_PORT] => 59885 [SERVER_NAME] => slova.de [SERVER_ADDR] => 127.0.0.1 [SERVER_PORT] => 8888 [REQUEST_URI] => / [SCRIPT_NAME] => /index.php [SCRIPT_FILENAME] => /var/www/html/slova.de/index.php [PHP_SELF] => /index.php [REQUEST_TIME_FLOAT] => 1467035305.065 [REQUEST_TIME] => 1467035305 ) As you see: [HTTP_X_FORWARDED_PROTO] => http [REMOTE_ADDR] => 127.0.0.1 [REMOTE_PORT] => 59885 It seems to me that in my setup with HAProxy (ports :80 and :443) -> Jetty (port :8888) -> php-fpm (port 9000) Jetty gets incoming connection from HAProxy and "thinks" it is no-SSL and thus wrongly sets HTTP_X_FORWARDED_PROTO to "http". This then breaks Wordpress site in the browser, because the https://slova.de/index.php contains no-SSL elements (css, js, images). A solution would be if Jetty would *append* the (comma-separated) value "http" to the existing value of HTTP_X_FORWARDED_PROTO variable (already set to "https" by HAProxy). Then I could add to wp-config.php: if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) $_SERVER['HTTPS'] = 'on'; Regards Alex
_______________________________________________ jetty-users mailing list [email protected] To change your delivery options, retrieve your password, or unsubscribe from this list, visit https://dev.eclipse.org/mailman/listinfo/jetty-users
