Try activating ssl without the plugin. Change the url in wordpress settings..
On Tue, 9 Feb 2021, 5:32 PM Rainer Duffner, <rainer@ultra-secure.de> wrote:
> It’s setup this way, because haproxy can’t really do vhosts and sometimes
> you need to limit access per vhost.
>
> OTOH, haproxy can do restrictions on a per-url basis much better (IMO)
> than Nginx.
>
> There are up to several hundred vhosts there and sometimes you want to
> limit stuff on any one of them.
>
> Plus, as I said, haproxy’s handling of certificates is sometimes very
> convenient.
>
> I run let’s encrypt on almost all of these vhosts and due to the way they
> are provisioned, it’s much easier than dealing with the individual Nginx
> configuration files.
>
>
>
> I will try and activate SSL without the Really Simple SSL plugin, maybe it
> is doing something weird - though with all the SSL offloading going on
> these days, you’d think this isn’t a too unusual case…
>
>
>
>
>
>
>
>
> Am 09.02.2021 um 05:08 schrieb Ali Mohsin <aliofthemohsins@gmail.com>:
>
> Hi, normally when I get infinite loop with ssl, its usually because of
> redirection of http to https. Sometimes front proxy (cloudflare or haproxy)
> is expecting simple http traffic and it gets https traffic and vice versa..
> Also check your wordpress settings and its url. Try changing it.
> And why are you using so much stuff just for wordpress? Simple nginx,
> php-fpm, fcgi cache works for me. And rate limiting works in nginx too. Try
> simplifying the setup so there are less variables to deal with.
>
> On Mon, 8 Feb 2021, 10:16 PM Rainer Duffner, <rainer@ultra-secure.de>
> wrote:
>
>> Hi,
>>
>> I have an interesting problem.
>>
>> I have apache behind Nginx behind haproxy.
>>
>> SSL is terminated with haproxy (because haproxy can load all certificates
>> from a single directory, and because some rate-limiting stuff is easier
>> with haproxy).
>> This makes using Let’s Encrypt easier.
>>
>> Sometimes, I want to do Nginx + fastcgi + php-fpm directly, without
>> apache (it’s measurably faster).
>>
>> For apache, you need this in the configuration:
>>
>> proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
>>
>> (and for good measure, also this:
>> SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
>> )
>>
>> For fast-cgi, one also needs this in the configuration (fastcgi_params):
>>
>> fastcgi_param HTTPS $fwd_ssl;
>>
>>
>> $fwd_ssl is generated by this map:
>>
>> map $http_x_forwarded_proto $fwd_ssl {
>> http off;
>> https on;
>> }
>>
>> in the global http section.
>>
>> In wordpress, when I enable „Really Simple SSL“, I get a redirect loop
>> (to https) on the front-page (as an unauthenticated user) but the backend
>> works.
>>
>> I wonder what wordpress is missing so that it still thinks the connection
>> is coming over http instead of https.
>>
>>
>>
>> Any ideas?
>>
>> Best Regards
>> Rainer
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
