Try activating ssl without the plugin. Change the url in wordpress settings.
On Tue, 9 Feb 2021, 5:32 PM Rainer Duffner, <rai...@ultra-secure.de> wrote: > It’s setup this way, because haproxy can’t really do vhosts and sometimes > you need to limit access per vhost. > > OTOH, haproxy can do restrictions on a per-url basis much better (IMO) > than Nginx. > > There are up to several hundred vhosts there and sometimes you want to > limit stuff on any one of them. > > Plus, as I said, haproxy’s handling of certificates is sometimes very > convenient. > > I run let’s encrypt on almost all of these vhosts and due to the way they > are provisioned, it’s much easier than dealing with the individual Nginx > configuration files. > > > > I will try and activate SSL without the Really Simple SSL plugin, maybe it > is doing something weird - though with all the SSL offloading going on > these days, you’d think this isn’t a too unusual case… > > > > > > > > > Am 09.02.2021 um 05:08 schrieb Ali Mohsin <aliofthemohs...@gmail.com>: > > Hi, normally when I get infinite loop with ssl, its usually because of > redirection of http to https. Sometimes front proxy (cloudflare or haproxy) > is expecting simple http traffic and it gets https traffic and vice versa. > Also check your wordpress settings and its url. Try changing it. > And why are you using so much stuff just for wordpress? Simple nginx, > php-fpm, fcgi cache works for me. And rate limiting works in nginx too. Try > simplifying the setup so there are less variables to deal with. > > On Mon, 8 Feb 2021, 10:16 PM Rainer Duffner, <rai...@ultra-secure.de> > wrote: > >> Hi, >> >> I have an interesting problem. >> >> I have apache behind Nginx behind haproxy. >> >> SSL is terminated with haproxy (because haproxy can load all certificates >> from a single directory, and because some rate-limiting stuff is easier >> with haproxy). >> This makes using Let’s Encrypt easier. >> >> Sometimes, I want to do Nginx + fastcgi + php-fpm directly, without >> apache (it’s measurably faster). >> >> For apache, you need this in the configuration: >> >> proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; >> >> (and for good measure, also this: >> SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on >> ) >> >> For fast-cgi, one also needs this in the configuration (fastcgi_params): >> >> fastcgi_param HTTPS $fwd_ssl; >> >> >> $fwd_ssl is generated by this map: >> >> map $http_x_forwarded_proto $fwd_ssl { >> http off; >> https on; >> } >> >> in the global http section. >> >> In wordpress, when I enable „Really Simple SSL“, I get a redirect loop >> (to https) on the front-page (as an unauthenticated user) but the backend >> works. >> >> I wonder what wordpress is missing so that it still thinks the connection >> is coming over http instead of https. >> >> >> >> Any ideas? >> >> Best Regards >> Rainer >> >> _______________________________________________ >> nginx mailing list >> nginx@nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx