And how I resolved them!

At my place of work we have started isolating clients in LXC (Linux Containers) in a bid to improve the security amongst our clients websites. The way we do this is each client has a LXC container, setup from an image we created with LAMP, and all other assets we need installed already.

Everything works nicely, with apache2 running on the host with mod_proxy enabled, we are able to set up a VirtualHost for each client like this:

<VirtualHost *:80>
        ServerName yourdomain.com
        ServerAlias www.yourdomain.com
        ProxyPreserveHost On
        ProxyPass / http://10.10.1.4/ # your container IP
        ProxyPassReverse / http://10.10.1.4/ # your container IP
</VirtualHost>

Using ProxyPass and ProxyPassReverse we are able to serve up the website from inside the container.

We use a similar approach for SSL.

<VirtualHost yourdomain.com:443>
        ServerName yourdomain.com
        ServerAlias www.yourdomain.com

        SSLEngine on
        SSLCertificateFile /var/ssl/yourdomain.com/yourdomain_com.crt
        SSLCertificateKeyFile /var/ssl/yourdomain.com/yourdomain_com.key
        SSLCertificateChainFile /var/ssl/yourdomain.com/yourdomain_com.ca-bundle

        ProxyPreserveHost On
        ProxyPass / http://10.10.1.4/ # your container IP
        ProxyPassReverse / http://10.10.1.4/ # your container IP
</VirtualHost>

We keep the SSL certificates on the host, because if we use the Proxy to serve up the SSL certificates, we had issues with the domain not matching the request.
Using this method, we can successfully navigate around a website securely.

Unless that website is running WordPress.

If your WordPress setup is configured to use HTTPS, you end up with a redirect loop – WordPress is constantly trying to push you over to the SSL version, not realising you are already on it.

That is because WordPress checks

$_SERVER['HTTPS']

And because the ReverseProxy does not forward that protocol, WordPress doesn’t know.

In our SSL VirtualHost we added this RequestHeader

RequestHeader add X-Forwarded-Ssl on

And then in our wp-config.php file, near the top we added this snippet

if( isset($_SERVER['HTTP_X_FORWARDED_SSL']) ) {
$_SERVER['HTTPS'] = $_SERVER['HTTP_X_FORWARDED_SSL'];
}


Now WordPress is happy that HTTPS is being used, and your redirect loop is no more!