Https (SSL) issue with IIS and Wordpress reverse proxy

0
votes

I am running a WordPress site on Ubuntu VM as a reverse proxy (URL rewrite) behind an internet-facing IIS windows server. The site works fine with HTTP. No issues.

However, been having a few issues with HTTPS / SSL configuration. The SSL certificate is attached to the domain name on IIS on the internet-facing windows server while the site is served by Linux VM.

After changing it to https, if I change the site URL in WordPress settings page to https from HTTP, the site does not work and I get a “too many redirects” or “page not redirecting properly” error (in the browser if you open developer tools, you can see the site reloading and looping but no output on screen).

If I leave the siteurl in settings as HTTP domain(dot)com, site loads and PHP works but no scripts or JS files are loaded by the browser, and the error is “Blocked loading mixed active content by firefox HTTP domain(dot)com/some/script/CSS” because the siteurl is still HTTP and not https.

I have also tried to change the site URL for specific files in .htaccess and wp-config file and functions page and get different errors.

2
wordpressssliishttpsreverse-proxy
The reason for too many redirects is that the redirected URL still conforms to the rules, resulting in circular judgment redirection. So please show your rewrite config. Mixed active content is content that has access to all or parts of the Document Object Model of the HTTPS page. This type of mixed content can alter the behavior of the HTTPS page and potentially steal sensitive data from the user. - Bruce Zhang
Some sections in http request are considered active content. <script> src attribute. <link> href attribute. <iframe> src attribute. XMLHttpRequest requests Fetch() requests All cases in CSS where a <url> value is used <object>data attribute Changing the URL of these attributes on your page from http to https can solve this problem. Or you can find the relevant method to unblock mixed content from the Firefox official website and forum. - Bruce Zhang
<rewrite> <preCondition name="ResponseIsHtml1"> <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" /> <rewriteMap name="Languages" defaultValue="en_US" /> </rewriteMaps> <rules> <rule name="ReverseProxyInboundRule1" stopProcessing="true"> <action type="Rewrite" url="192.168.2.31{R:1}" /> <add areas="Authentication,Security,Filter,StaticFile,CGI,Compression,Cache, /> - Aheadit

2 Answers

0
votes

You have to run WordPress on that Ubuntu VM under HTTPS, in order to break from endless HTTP->HTTPS redirection.

Currently WordPress decides to redirect, because it detects that only HTTP requests are coming,

Browser ---HTTPS--> IIS ARR ---HTTP--> WordPress

It only stops redirection if you get

Browser ---HTTPS--> IIS ARR ---HTTPS--> WordPress

0
votes

It is most likely due to termination of SSL. WorldPress doesn't handle proxies all that well. So you may need to add a bit of code to wp-config file.

Open file and find:

define('WP_DEBUG', false);

Add:

if ( $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https' )
{
   $_SERVER['HTTPS']       = 'on';
   $_SERVER['SERVER_PORT'] = 443;
}