我正在我的 WordPress 网站前面添加一个 nginx 服务器。另外,我在 nginx 上添加了 ssl 证书,以便通过 https 保护我的网站。
使用我粘贴在此处的配置,如果我使用二十世纪主题访问前端,我会在 chrome JS 控制台中收到以下错误:
混合内容:“https://my.website.it/”页面是通过 HTTPS 加载的,但请求了不安全的脚本“http://my.website.it/wp-content/themes”/twentysixteen/js/functions.js?ver=20150825'。该请求已被阻止;内容必须通过 HTTPS 提供。
如果我访问https://my.website.it/wp-admin
,我将被重定向到https://wp-admin/
这是我的 WordPress 的配置:
这是 WordPress 服务器的配置:
wp-config.php
$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
define('FORCE_SSL_ADMIN','true');
define('WP_SITEURL','https://my.website.it');
define('WP_HOME','https://my.website.it');
我的.htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} !^wploadbalance$ [NC]
RewriteRule ^(.*)$ https://my.website.it/$1 [L,R=301]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
这是我的 nginx 服务器的配置:
server {
listen 80;
server_name my.website.it;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name my.website.it;
ssl on;
ssl_certificate /etc/ssl/certificate/certificate.crt;
ssl_certificate_key /etc/ssl/private/mprivate.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://wploadbalance;
client_max_body_size 20M;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
proxy_buffers 64 4k;
}
}
upstream wploadbalance{
least_conn;
server wordpress;
}
最佳答案
将这些行添加到 wp-config.php
:
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
&& $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
$_SERVER['HTTPS'] = 'on';
}
关于带有 ssl 和反向代理的 WordPress (nginx),我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34464600/