Having a NGINX reverse proxy as a frontent web server for WordPress installation on Apache is a common practice for a lot of webmasters. But there could be a potential issue when you decide to secure your website with SSL certificate.
The regular procedure for migrating your WordPress site from http to https just tells you update your website URL in WP settings. However you would experience a “Multiple redirects loop” issue when you’d try to access your Admin panel after that.
So, let’s check the full migration step-by-step manual.
1. Configure your NGINX server to listen on port 443 with SSL option. A regular config would look like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
server { listen 443 ssl; ssl_certificate /etc/ssl/certs/yourcert.crt; ssl_certificate_key /etc/ssl/certs/yourkey.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; location / { proxy_pass http://backend:8081/; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; } } |
Please notice the “proxy_set_header” options which allow your Apache backend to know that we are using SSL now.
2. Next step is to change your website URL in WordPress settings.
Just change the website URL from http://yourwebsite.com to https://yourwebsite.com and click Save button.
If you do not have access to Admin panel for some reason – you could make the same changes by modifying wp-config.php file:
|
1 2 |
define('WP_HOME','https://example.com'); define('WP_SITEURL','https://example.com'); |
3. The last step is to tell WordPress that a reverse proxy handles all SSL related routines and not the Apache web server. Add these lines to your wp-config.php file:
|
1 2 3 4 5 6 7 8 9 |
/** * Handle SSL reverse proxy */ if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on'; if (isset($_SERVER['HTTP_X_FORWARDED_HOST'])) { $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST']; } |
That’s it. Now reload your NGINX server with a new configuration and check your website working on port 443 with SSL enabled.