And how I resolved them!
At my place of work we have started isolating clients in LXC (Linux Containers) in a bid to improve security between our clients' websites. Each client has an LXC container, set up from an image we created with LAMP and all the other assets we need already installed.
Everything works nicely: with apache2 running on the host and mod_proxy enabled, we are able to set up a VirtualHost for each client like this:
<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    ProxyPreserveHost On
    # 10.10.1.4 is your container IP (Apache comments must sit on their own line)
    ProxyPass / http://10.10.1.4/
    ProxyPassReverse / http://10.10.1.4/
</VirtualHost>
Using ProxyPass and ProxyPassReverse we are able to serve up the website from inside the container.
We use a similar approach for SSL.
<VirtualHost yourdomain.com:443>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    SSLEngine on
    SSLCertificateFile /var/ssl/yourdomain.com/yourdomain_com.crt
    SSLCertificateKeyFile /var/ssl/yourdomain.com/yourdomain_com.key
    SSLCertificateChainFile /var/ssl/yourdomain.com/yourdomain_com.ca-bundle
    ProxyPreserveHost On
    # 10.10.1.4 is your container IP (Apache comments must sit on their own line)
    ProxyPass / http://10.10.1.4/
    ProxyPassReverse / http://10.10.1.4/
</VirtualHost>
We keep the SSL certificates on the host because, when we used the proxy to serve up the SSL certificates, we had issues with the domain not matching the request.
Using this method, we can successfully navigate around a website securely.
Unless that website is running WordPress.
If your WordPress setup is configured to use HTTPS, you end up with a redirect loop – WordPress is constantly trying to push you over to the SSL version, not realising you are already on it.
That is because WordPress checks
$_SERVER['HTTPS']
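Because the reverse proxy talks to the container over plain HTTP and does not pass on the original protocol, that value is never set, so WordPress doesn't know the visitor arrived over HTTPS.
In our SSL VirtualHost we added this RequestHeader directive (it needs mod_headers enabled):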
RequestHeader add X-Forwarded-Ssl on
And then in our wp-config.php file, near the top, we added this snippet:
if( isset($_SERVER['HTTP_X_FORWARDED_SSL']) ) {
    $_SERVER['HTTPS'] = $_SERVER['HTTP_X_FORWARDED_SSL'];
}
Now WordPress is happy that HTTPS is being used, and your redirect loop is no more!
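A stricter form of the wp-config.php check above, as an added example that is not from the original post: it honours X-Forwarded-Ssl only when the request comes from the host's proxy and carries exactly the value the proxy sets. The proxy address 10.10.1.1, the TRUSTED_PROXIES constant and the request_is_https() helper are assumptions made for illustration.

```php
<?php
// Added example, not from the original post.
// Apache side (mod_headers), so the header can only come from the proxy:
//   SSL vhost:     RequestHeader set X-Forwarded-Ssl on
//   port-80 vhost: RequestHeader unset X-Forwarded-Ssl

// Assumption: address the host's Apache connects from (host side of the LXC bridge).
const TRUSTED_PROXIES = ['10.10.1.1'];

// True only when the trusted proxy says the client connection used TLS.
function request_is_https(array $server, array $trustedProxies): bool
{
    // TLS terminated on this server itself: nothing to infer.
    $direct = strtolower((string) ($server['HTTPS'] ?? ''));
    if ($direct === 'on' || $direct === '1') {
        return true;
    }
    // Ignore the header unless the TCP peer is the proxy we configured.
    if (!in_array($server['REMOTE_ADDR'] ?? '', $trustedProxies, true)) {
        return false;
    }
    // "RequestHeader add" keeps any copy the client sent, so the value can
    // arrive as something other than a bare "on"; accept only the exact value.
    return strtolower(trim((string) ($server['HTTP_X_FORWARDED_SSL'] ?? ''))) === 'on';
}

// What would go near the top of wp-config.php:
if (request_is_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed sample requests (not captured traffic) to show each decision.
$samples = [
    'via SSL vhost'            => ['REMOTE_ADDR' => '10.10.1.1', 'HTTP_X_FORWARDED_SSL' => 'on'],
    'via port-80 vhost'        => ['REMOTE_ADDR' => '10.10.1.1'],
    'header from another peer' => ['REMOTE_ADDR' => '10.10.1.9', 'HTTP_X_FORWARDED_SSL' => 'on'],
    'duplicated header value'  => ['REMOTE_ADDR' => '10.10.1.1', 'HTTP_X_FORWARDED_SSL' => 'on, on'],
];
foreach ($samples as $label => $server) {
    printf("%-26s %s\n", $label, request_is_https($server, TRUSTED_PROXIES) ? 'https' : 'http');
}
```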