如何在 Amazon 负载均衡器后面修复 WordPress HTTPS 问题?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30702490/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to fix WordPress HTTPS issues when behind an Amazon Load Balancer?
提问by A.B. Carroll
I've had this issue before. When running WordPress (or other PHP scripts) behind Amazon's EC2 Load Balancer, the scripts do not realize they are being ran on the https:// protocol and results in issues such as endless redirect loops, and HTTPS warnings ("Some content on this page is being requested in a non-secure way...").
我以前有过这个问题。在 Amazon 的 EC2 负载均衡器后面运行 WordPress(或其他 PHP 脚本)时,脚本没有意识到它们是在 https:// 协议上运行的,并导致诸如无休止的重定向循环和 HTTPS 警告(“一些内容正在以不安全的方式请求页面......”)。
I found a solution here, but requires modifying WordPress core, which is no good for updatability: https://wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless-redirect
我在这里找到了一个解决方案,但需要修改 WordPress 核心,这对可更新性不利:https: //wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless -重定向
Is there a way to fix this without modifying WordPress core? I am using Apache 2.2.
有没有办法在不修改 WordPress 核心的情况下解决这个问题?我正在使用 Apache 2.2。
回答by A.B. Carroll
As the link you gave suggested, for WordPress the issue lies in the is_ssl()function, which like most PHP software explicitly checks the $_SERVER['HTTPS']and $_SERVER['SERVER_PORT']to check if the current page is being accessed in the https:// context.
正如您提供的链接所建议的那样,对于 WordPress,问题在于is_ssl()函数,与大多数 PHP 软件一样,它会明确检查$_SERVER['HTTPS']并$_SERVER['SERVER_PORT']检查当前页面是否在 https:// 上下文中被访问。
When your page is accessed over HTTPS, but the Amazon Load Balancer is performing SSL offloading and actually requesting your content on the non-SSL port 80, the webserver, PHP, or anything else for that matter, does not understand or see that it's being accessed over https://.
当您的页面通过 HTTPS 访问,但 Amazon 负载均衡器正在执行 SSL 卸载并实际在非 SSL 端口 80 上请求您的内容时,网络服务器、PHP 或其他任何与此相关的内容不会理解或看到它正在通过 https:// 访问。
The fix for this, is that Amazon's ELB sends the de-facto standard X-Forwareded-ProtoHTTP header, which we can use to figure out which protocol the client is actuallyusing on the other side of the Load Balancer.
对此的解决方法是 Amazon 的 ELB 发送事实上的标准X-Forwareded-ProtoHTTP 标头,我们可以使用它来确定客户端在负载均衡器的另一端实际使用的协议。
With Apache 2.2, you could use something along the lines of:
使用 Apache 2.2,您可以使用以下内容:
<IfModule mod_setenvif.c>
SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>
This simply reads the X-Forwared-Protoheader, and if it equals httpsthen, sets the HTTPSenvironment variable to 1. PHP will see this environment variable, and eventually it will become $_SERVER['HTTPS']that equals 1-- just like it would be for a "real" native SSL request.
这只是读取X-Forwared-Proto标头,如果等于https,则将HTTPS环境变量设置为1。PHP 会看到这个环境变量,最终它会变成$_SERVER['HTTPS']那个 equals 1—— 就像它对于“真正的”本机 SSL 请求一样。
回答by zeroimpl
Another option from the WordPress documentationis to add this to your wp-config.php:
WordPress 文档中的另一个选项是将其添加到您的 wp-config.php 中:
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
回答by Gal Talmor
In case anyone else was looking for the Nginx equivalent to this, here's what you need to do:
如果其他人正在寻找与此等效的 Nginx,您需要执行以下操作:
For rewrite setup you should add the following under the serverblock:
对于重写设置,您应该在server块下添加以下内容:
if ($http_x_forwarded_proto != 'https') {
rewrite ^ https://$host$request_uri? permanent;
}
And for setting the HTTPS param you should add the following under the location ~ \.php$block:
对于设置 HTTPS 参数,您应该在location ~ \.php$块下添加以下内容:
if ($http_x_forwarded_proto = 'https') {
set $fe_https 'on';
}
fastcgi_param HTTPS $fe_https;
Remember to remove any other fastcgi_param HTTPScommand if you have any (I had it in my fastcgi_paramsfile).
fastcgi_param HTTPS如果您有任何其他命令,请记住删除任何其他命令(我的fastcgi_params文件中有它)。
回答by Ankit Anand
Use this 4 step method to remove the redirect loop and mixed content problems when using ssl in WordPress.
在 WordPress 中使用 ssl 时,使用此 4 步方法来消除重定向循环和混合内容问题。
1) Replace 'http://' with '//' in database - This create all the relative url's for images and other assets
1) 在数据库中用 '//' 替换 'http://' - 这会为图像和其他资产创建所有相对 url
2) in wp-config, define generic wp_home and wp_siteurl variables.
2) 在 wp-config 中,定义通用 wp_home 和 wp_siteurl 变量。
define('WP_HOME','//'. $_SERVER['SERVER_NAME']);
define('WP_SITEURL','//'. $_SERVER['SERVER_NAME']);
3) If you are using load balancer, use 'HTTP_X_FORWARDED_PROTO' server variable to figure out protocol used. To do this, add this line in wp-config
3) 如果您使用负载均衡器,请使用“HTTP_X_FORWARDED_PROTO”服务器变量来确定使用的协议。为此,请在 wp-config 中添加这一行
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
$_SERVER['HTTPS']='on';
4) Finally in .htaccess, use this line if you are behind loadbalancer to redirect all traffic to https.
4) 最后在 .htaccess 中,如果您在负载均衡器后面,请使用此行将所有流量重定向到 https。
# http to https
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule . https://%{HTTP:Host}%{REQUEST_URI} [L,R=permanent]
回答by Mike
Neither of the above solved the Mixed Content errors for me unfortunately. However what did work was adding the protocol to the WP_HOME && WP_SITEURL variables in wp-config.php e.g.
不幸的是,以上都没有为我解决混合内容错误。然而,什么工作是将协议添加到 wp-config.php 中的 WP_HOME && WP_SITEURL 变量,例如
define( 'WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
define( 'WP_SITEURL', WP_HOME );
define( 'WP_HOME', 'https://' . $_SERVER['HTTP_HOST']);
define( 'WP_SITEURL', WP_HOME );
After that all URLs in the source began with https and all the Mixed Content errors disappeared.
之后,源中的所有 URL 都以 https 开头,所有混合内容错误都消失了。
