Re: [jetty-users] WordPress on CentOS 7 Linux

[Alexander Farber <alexander.farber@xxxxxxxxx>]

Hi Simone, are you sure -

On Mon, Jun 27, 2016 at 3:27 PM, Simone Bordet <sbordet@xxxxxxxxxxx> wrote:

On Sun, Jun 26, 2016 at 8:06 PM, Alexander Farber
<alexander.farber@xxxxxxxxx> wrote:
> My only problem is that with Apache I had the following wp-config.php
>
> if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
>         $_SERVER['HTTPS'] = 'on';  // works with Apache, but not Jetty
>
> if (preg_match('/^\d+\.\d+\.\d+\.\d+$/', $_SERVER['HTTP_X_FORWARDED_FOR']))
>         $_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_FORWARDED_FOR'];

This special code I presume you added in wp-config.php is not needed with Jetty.
Jetty already does this logic in FastCGIProxyServlet, namely:

* if the client request came in with an "https" scheme, then "HTTPS=on"
* client request's remote address and port are set to "REMOTE_ADDR"
and "REMOTE_PORT" respectively.

> And in my /etc/haproxy/haproxy.cfg I set these 2 variables:

You don't need them.

I try to follow your directions and have now the following /ect/haproxy/haproxy.cfg:

frontend public
    bind 144.76.184.151:80
    bind 144.76.184.151:443 ssl crt /etc/pki/tls/certs/slova.de.pem
    default_backend jetty

backend jetty
    server domain 127.0.0.1:8888

And in wp-config.php I remove my custom $_SERVER modifying code and just print it with

error_log(print_r($_SERVER, TRUE));

Then when visiting https://slova.de I see in /var/log/php-fpm/www-error.log

[27-Jun-2016 13:48:25 UTC] Array
(
    [USER] => apache
    [HOME] => /usr/share/httpd
    [FCGI_ROLE] => RESPONDER
    [DOCUMENT_URI] => /index.php
    [QUERY_STRING] =>
    [CONTENT_LENGTH] =>
    [CONTENT_TYPE] =>
    [REQUEST_METHOD] => GET
    [SERVER_PROTOCOL] => HTTP/1.1
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_SOFTWARE] => Jetty/9.3.10.v20160621
    [HTTP_COOKIE] => slova_users=XXXXXXXXXXXXX
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    [HTTP_CACHE_CONTROL] => max-age=0
    [HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
    [HTTP_X_FORWARDED_FOR] => 127.0.0.1
    [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,de-DE;q=0.5,de;q=0.3
    [HTTP_ACCEPT_ENCODING] => gzip, deflate
    [HTTP_DNT] => 1
    [HTTP_VIA] => http/1.1 www
    [HTTP_X_FORWARDED_PROTO] => http
    [HTTP_X_FORWARDED_HOST] => slova.de
    [HTTP_X_FORWARDED_SERVER] => 127.0.0.1
    [HTTP_HOST] => slova.de
    [DOCUMENT_ROOT] => /var/www/html/slova.de
    [REMOTE_ADDR] => 127.0.0.1
    [REMOTE_PORT] => 59885
    [SERVER_NAME] => slova.de
    [SERVER_ADDR] => 127.0.0.1
    [SERVER_PORT] => 8888
    [REQUEST_URI] => /
    [SCRIPT_NAME] => /index.php
    [SCRIPT_FILENAME] => /var/www/html/slova.de/index.php
    [PHP_SELF] => /index.php
    [REQUEST_TIME_FLOAT] => 1467035305.065
    [REQUEST_TIME] => 1467035305
)

As you see:

    [HTTP_X_FORWARDED_PROTO] => http
    [REMOTE_ADDR] => 127.0.0.1
    [REMOTE_PORT] => 59885

It seems to me that in my setup with

    HAProxy (ports :80 and :443) -> Jetty (port :8888) -> php-fpm (port 9000)

Jetty gets incoming connection from HAProxy and "thinks" it is no-SSL and thus wrongly sets HTTP_X_FORWARDED_PROTO to "http".

This then breaks Wordpress site in the browser, because the https://slova.de/index.php contains no-SSL elements (css, js, images).

A solution would be if Jetty would *append* the (comma-separated) value "http" to the existing value of HTTP_X_FORWARDED_PROTO variable (already set to "https" by HAProxy).

Then I could add to wp-config.php:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
        $_SERVER['HTTPS'] = 'on';

Regards

Alex