Thank you -
On Mon, Jun 27, 2016 at 8:27 PM, Simone Bordet <[email protected]> wrote:
>
> Ah, you are offloading TLS.
>
> Then use the PROXY protocol, Jetty supports that too.
> Use the "send-proxy" directive in the HAProxy configuration, and add
> the "proxy-protocol" module in Jetty.
> That will take care of the REMOTE_ADDR problem.
>
> The solution for HTTPS=on that I use is to redirect, in HAProxy,
> "http" to "https". In this way it is always HTTPS=on, and you can
> force that with a parameter in Jetty's FastCGIProxyServlet, see
>
> https://github.com/eclipse/jetty.project/blob/jetty-9.3.10.v20160621/jetty-fcgi/fcgi-server/src/main/java/org/eclipse/jetty/fcgi/server/proxy/FastCGIProxyServlet.java#L63
> .
>
>
I don't want to enforce https through redirect in HAProxy yet.
But the good news is that after I have followed your suggestion and added
send-proxy there and also the Jetty proxy-protocol module - Wordpress
started working properly without any customization of its wp-config.php
I have looked into wp-includes/functions.php and they also check for the
SERVER_PORT to be 443:
function is_ssl() {
if ( isset($_SERVER['HTTPS']) ) {
if ( 'on' == strtolower($_SERVER['HTTPS']) )
return true;
if ( '1' == $_SERVER['HTTPS'] )
return true;
} elseif ( isset($_SERVER['SERVER_PORT']) &&
( '443' == $_SERVER['SERVER_PORT'] ) ) {
return true;
}
return false;
}
which has fixed my problems, because the $_SERVER looks now:
[27-Jun-2016 19:57:49 UTC] Array
(
[USER] => apache
[HOME] => /usr/share/httpd
[FCGI_ROLE] => RESPONDER
[DOCUMENT_URI] => /index.php
[QUERY_STRING] => p=/contact/
[CONTENT_LENGTH] =>
[CONTENT_TYPE] =>
[REQUEST_METHOD] => GET
[SERVER_PROTOCOL] => HTTP/1.1
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_SOFTWARE] => Jetty/9.3.10.v20160621
[HTTP_COOKIE] => XXXXXX
[HTTP_ACCEPT] =>
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
[HTTP_UPGRADE_INSECURE_REQUESTS] => 1
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
[HTTP_REFERER] => https://slova.de/
[HTTP_X_FORWARDED_FOR] => 217.246.208.206
[HTTP_DNT] => 1
[HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch, br
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4,ru;q=0.2
[HTTP_VIA] => http/1.1 www
[HTTP_X_FORWARDED_PROTO] => http
[HTTP_X_FORWARDED_HOST] => slova.de
[HTTP_X_FORWARDED_SERVER] => 144.76.184.151
[HTTP_HOST] => slova.de
[DOCUMENT_ROOT] => /var/www/html/slova.de
[REMOTE_ADDR] => 217.246.208.206
[REMOTE_PORT] => 63489
[SERVER_NAME] => slova.de
[SERVER_ADDR] => 144.76.184.151
[SERVER_PORT] => 443
[REQUEST_URI] => /contact/
[SCRIPT_NAME] => /index.php
[SCRIPT_FILENAME] => /var/www/html/slova.de/index.php
[PHP_SELF] => /index.php
[REQUEST_TIME_FLOAT] => 1467057469.9473
[REQUEST_TIME] => 1467057469
)
Regards
Alex
_______________________________________________
jetty-users mailing list
[email protected]
To change your delivery options, retrieve your password, or unsubscribe from
this list, visit
https://dev.eclipse.org/mailman/listinfo/jetty-users
