SSL!

Well, finally I managed to run WP behind a reverse SSL proxy (nginx).

Used nginx because on CentOS 6 has better support for latest and greatest TLS features, unless you use apache 2.4 (from SCL), which maybe a bit a problematic to setup if migration is involved.

This post was useful to fix my infinite loops redirection: http://codex.wordpress.org/Administration_Over_SSL

This is my wp-config.php snippet:

define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
       $_SERVER['HTTPS']='on';

Be sure to insert it *before* this comment:

/* That's all, stop editing! Happy blogging. */

And relevant nginx.conf snippets (this is not a full config, just for example):

http {
 .....
 proxy_set_header X-Forwarded-Proto https;
 ....
 server {
  listen       80;
  server_name  www.brancaleoni.com brancaleoni.com;
  rewrite ^/(.*) https://$server_name/$1 permanent;
 }

 server {
  listen       443 ssl spdy;
  ssl_certificate /path/to/domain.crt;
  ssl_certificate_key /path/to/domain.key;
  server_name     www.brancaleoni.com brancaleoni.com;
  location / {
   proxy_pass        http://localhost:8080;
  }
 }
 ....
}

And yes, this blog is spdy enabled :)

This entry was posted in Linux and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *