Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] WordPress on CentOS 7 Linux
Thank you -

On Mon, Jun 27, 2016 at 8:27 PM, Simone Bordet <sbordet@xxxxxxxxxxx> wrote: 
Ah, you are offloading TLS.

Then use the PROXY protocol, Jetty supports that too.
Use the "send-proxy" directive in the HAProxy configuration, and add
the "proxy-protocol" module in Jetty.
That will take care of the REMOTE_ADDR problem.

The solution for HTTPS=on that I use is to redirect, in HAProxy,
"http" to "https". In this way it is always HTTPS=on, and you can
force that with a parameter in Jetty's FastCGIProxyServlet, see
https://github.com/eclipse/jetty.project/blob/jetty-9.3.10.v20160621/jetty-fcgi/fcgi-server/src/main/java/org/eclipse/jetty/fcgi/server/proxy/FastCGIProxyServlet.java#L63.


I don't want to enforce https through redirect in HAProxy yet.

But the good news is that after I have followed your suggestion and added send-proxy there and also the Jetty proxy-protocol module - Wordpress started working properly without any customization of its wp-config.php

I have looked into wp-includes/functions.php and they also check for the SERVER_PORT to be 443:

function is_ssl() {
        if ( isset($_SERVER['HTTPS']) ) {
                if ( 'on' == strtolower($_SERVER['HTTPS']) )
                        return true;
                if ( '1' == $_SERVER['HTTPS'] )
                        return true;
        } elseif ( isset($_SERVER['SERVER_PORT']) && 
               ( '443' == $_SERVER['SERVER_PORT'] ) ) {
                return true;
        }
        return false;
}

which has fixed my problems, because the $_SERVER looks now:

[27-Jun-2016 19:57:49 UTC] Array
(
    [USER] => apache
    [HOME] => /usr/share/httpd
    [FCGI_ROLE] => RESPONDER
    [DOCUMENT_URI] => /index.php
    [QUERY_STRING] => p=/contact/
    [CONTENT_LENGTH] => 
    [CONTENT_TYPE] => 
    [REQUEST_METHOD] => GET
    [SERVER_PROTOCOL] => HTTP/1.1
    [GATEWAY_INTERFACE] => CGI/1.1
    [SERVER_SOFTWARE] => Jetty/9.3.10.v20160621
    [HTTP_COOKIE] => XXXXXX
    [HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
    [HTTP_UPGRADE_INSECURE_REQUESTS] => 1
    [HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
    [HTTP_REFERER] => https://slova.de/
    [HTTP_X_FORWARDED_FOR] => 217.246.208.206
    [HTTP_DNT] => 1
    [HTTP_ACCEPT_ENCODING] => gzip, deflate, sdch, br
    [HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,de-DE;q=0.6,de;q=0.4,ru;q=0.2
    [HTTP_VIA] => http/1.1 www
    [HTTP_X_FORWARDED_PROTO] => http
    [HTTP_X_FORWARDED_HOST] => slova.de
    [HTTP_X_FORWARDED_SERVER] => 144.76.184.151
    [HTTP_HOST] => slova.de
    [DOCUMENT_ROOT] => /var/www/html/slova.de
    [REMOTE_ADDR] => 217.246.208.206
    [REMOTE_PORT] => 63489
    [SERVER_NAME] => slova.de
    [SERVER_ADDR] => 144.76.184.151
    [SERVER_PORT] => 443
    [REQUEST_URI] => /contact/
    [SCRIPT_NAME] => /index.php
    [SCRIPT_FILENAME] => /var/www/html/slova.de/index.php
    [PHP_SELF] => /index.php
    [REQUEST_TIME_FLOAT] => 1467057469.9473
    [REQUEST_TIME] => 1467057469
)

Regards
Alex

Back to the top