On Nginx Reverse Proxy
Create a configuration file in the sites-available directory and symlink it to sites-enabled:
server {
    listen 443 ssl;
    server_name info.server.com;
    # The standalone "ssl on;" directive is deprecated; "listen 443 ssl;" above already enables TLS
    # ssl on;
    ssl_certificate /etc/nginx/ssl/info.server.com.crt;
    ssl_certificate_key /etc/nginx/ssl/info.server.com.key;
    # ssl_prefer_server_ciphers on;
    # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
    # TLSv1.1 is itself deprecated (RFC 8996)
    ssl_protocols TLSv1.1 TLSv1.2;
    access_log /var/log/nginx/nginx.info.access.log;
    error_log /var/log/nginx/nginx.info.error.log;
    location / {
        proxy_pass "http://192.168.13.46:80";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The backend .htaccess redirect keys on this header
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
# NO 301 REDIRECT HERE
server {
    listen 80;
    server_name info.server.com www.info.server.com;
    access_log /var/log/nginx/nginx.nonsslinfo.access.log;
    error_log /var/log/nginx/nginx.nonsslinfo.error.log;
    location / {
        proxy_pass "http://192.168.13.46:80";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}
Files Limit on Reverse Proxy
See https://www.claudiokuenzler.com/blog/850/nginx-socket-failed-24-too-many-open-files. The default limit is 4096 open files per (worker) process, which can be seen in /etc/default/nginx. EDITING THIS FILE DOES NOT HELP. Instead edit /etc/security/limits.conf:
sudo nano /etc/security/limits.conf
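# Added Nginx limits
# Note: the first column is the account these limits apply to; the worker processes on this page run as www-data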
nginx soft nofile 30000
nginx hard nofile 50000
# End of file
Additionally Nginx should be told how many files can be opened. In the main config file /etc/nginx/nginx.conf add:
sudo nano /etc/nginx/nginx.conf
user www-data;
worker_processes 4;
pid /run/nginx.pid;
# 2019-05-09 Increase open files
worker_rlimit_nofile 30000;
sudo service nginx restart
# ps auxf | grep nginx
root 7027 0.0 0.3 103620 13348 ? Ss 09:21 0:00 nginx: master process /usr/sbin/nginx
www-data 7028 8.6 1.0 127900 40724 ? R 09:21 2:37 \_ nginx: worker process
www-data 7029 8.9 1.0 127488 40536 ? S 09:21 2:44 \_ nginx: worker process
www-data 7031 9.5 1.0 127792 40896 ? S 09:21 2:53 \_ nginx: worker process
www-data 7032 8.1 1.0 128472 41244 ? S 09:21 2:29 \_ nginx: worker process
# cat /proc/7028/limits | grep "open files"
Max open files 30000 30000 files
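The check above inspects a single worker PID by hand. The script below is an added example, not part of the original post, that compares every worker's soft "Max open files" limit with the worker_rlimit_nofile value in nginx.conf. The function names and the constructed sample data in demo are assumptions of this example.

```shell
# Added example (not from the original post); function names are assumptions.
# Print the worker_rlimit_nofile value set in an nginx config file (empty if unset).
configured_nofile() {
    sed -n 's/^[[:space:]]*worker_rlimit_nofile[[:space:]]\{1,\}\([0-9]\{1,\}\)[[:space:]]*;.*/\1/p' "$1" | head -n 1
}

# Print the soft "Max open files" value from a /proc/<pid>/limits file.
soft_nofile() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# check_limits CONF LIMITS_FILE...: 0 = all match CONF, 1 = mismatch, 2 = CONF sets no value.
check_limits() {
    conf=$1; shift
    want=$(configured_nofile "$conf")
    [ -n "$want" ] || { echo "worker_rlimit_nofile not set in $conf" >&2; return 2; }
    bad=0
    for f in "$@"; do
        have=$(soft_nofile "$f")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH $f: soft=$have configured=$want"
            bad=1
        fi
    done
    return "$bad"
}

# Live check on the proxy: every running worker against nginx.conf.
# $files is left unquoted on purpose; /proc paths contain no spaces.
check_workers() {
    files=""
    for pid in $(pgrep -f 'nginx: worker process'); do
        files="$files /proc/$pid/limits"
    done
    [ -n "$files" ] || { echo "no nginx worker processes found" >&2; return 2; }
    check_limits "${1:-/etc/nginx/nginx.conf}" $files
}

# Offline demo on constructed samples mirroring the values shown on this page.
demo() {
    d=$(mktemp -d) || return 2
    printf 'user www-data;\nworker_rlimit_nofile 30000;\n' > "$d/nginx.conf"
    printf 'Max open files  30000  30000  files\n' > "$d/ok"
    printf 'Max open files  1024   4096   files\n' > "$d/low"
    rc=0
    check_limits "$d/nginx.conf" "$d/ok" "$d/low" || rc=$?
    rm -rf "$d"
    return "$rc"
}
```

On the proxy, run check_workers after the restart; a MISMATCH line means that worker did not pick up the configured limit.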
On WordPress server
sudo apt install apache2 apachetop apache2-utils
sudo apt install php libapache2-mod-php php-mysql php-curl php-imagick php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip php7.2-cli php-exif php-fileinfo php-json php-pcre php-mcrypt php-zlib
sudo a2enmod php7.2
sudo a2enmod rewrite
sudo a2enmod deflate
sudo a2enmod expires
sudo systemctl restart apache2
sudo systemctl status apache2
cd /tmp
curl -O https://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
touch /tmp/wordpress/.htaccess
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
mkdir /tmp/wordpress/wp-content/upgrade
sudo cp -a /tmp/wordpress/. /var/www/html/wordpress
sudo chown -R www-data:www-data /var/www/html/wordpress
Edit the apache.conf file
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/wordpress.conf
sudo nano /etc/apache2/sites-available/wordpress.conf
<VirtualHost *:80>
    ServerName info.server.com
    ServerAdmin admin@server.com
    DocumentRoot /var/www/html/wordpress
    <Directory /var/www/html/wordpress/>
        AllowOverride All
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
wp-config.php – MOST IMPORTANT SETTING
$_SERVER['HTTPS'] = 'on';
curl -s https://api.wordpress.org/secret-key/1.1/salt/
sudo nano /var/www/html/wordpress/wp-config.php
# EDIT DATABASE DETAILS
# Add the SALTs received above
$_SERVER['HTTPS'] = 'on';
Edit the .htaccess file
# BEGIN rlrssslReallySimpleSSL rsssl_version[3.3]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
</IfModule>
# END rlrssslReallySimpleSSL
# BEGIN WordPress
# The directives (lines) between `BEGIN WordPress` and `END WordPress` are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Enable the site conf and restart apache
sudo a2ensite wordpress.conf
sudo apache2ctl configtest
sudo systemctl restart apache2
Log in to your site and finish setup in browser