Previously I wrote a post explaining how to do SSL termination with Ha-proxy. It seemed to be working fine, but it was giving me problems about mixed content when loading my blog.
What was happening was that my blog was being served on https://ncona.com, but all the JS, CSS and links where being returned in http. This actually makes a lot of sense because the load balancer is requesting content using http and then forwarding this content to the browser.
Once the problem is understood, the solution is just a matter of finding out how to tell wordpress to render https content when Ha-proxy receives an https request. A way to do this is by sending a header to wordpress when the request came on port 443. We can do this in haproxy.cfg:
1
2
3
4
5
6
7
frontend https-in
bind *:443 ssl crt /certs/ncona.pem
reqadd X-Forwarded-Proto:\ https
acl ncona-web-frontend hdr(host) -i ncona.com www.ncona.com
use_backend ncona-web if ncona-web-frontend
The reqadd instruction will add a header to the request being sent to the backend. Now we can inspect for this header in wp-config.php:
1
2
3
4
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
$_SERVER['HTTPS'] = 'on';
$_SERVER['SERVER_PORT'] = 443;
}
This solved the problem and I can finally serve my blog with https.
php programming