2

I'm adding a nginx server in front of my wordpress website. Also I added my ssl certificate on nginx in order to secure my website via https.

With the configuration I pasted down here, If I access the frontend with the twentysixteen theme I get the following error in the chrome JS console:

Mixed Content: The page at 'https://my.website.it/' was loaded over HTTPS, but requested an insecure script 'http://my.website.it/wp-content/themes/twentysixteen/js/functions.js?ver=20150825'. This request has been blocked; the content must be served over HTTPS.

while if I access the https://my.website.it/wp-admin I'm being redirected to https://wp-admin/

Here is the configuration of my wordpress:

Here goes the configuration for the Wordpress Server:

wp-config.php

$_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
define('FORCE_SSL_ADMIN','true');
define('WP_SITEURL','https://my.website.it');
define('WP_HOME','https://my.website.it');

my .htaccess

RewriteEngine On
RewriteCond %{HTTP_HOST} !^wploadbalance$ [NC]
RewriteRule ^(.*)$ https://my.website.it/$1 [L,R=301]

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

Here goes the configuration of my nginx server:

server {
       listen 80;
       server_name    my.website.it;
       return         301 https://$server_name$request_uri;
}

server {
       listen 443;
       server_name my.website.it;

       ssl                  on;
       ssl_certificate      /etc/ssl/certificate/certificate.crt;
       ssl_certificate_key  /etc/ssl/private/mprivate.key;

       ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
       ssl_ciphers    EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;

       ssl_prefer_server_ciphers  on;
       ssl_session_timeout        10m;
       ssl_session_cache          shared:SSL:10m;

       location / {
           proxy_pass http://wploadbalance;
           client_max_body_size 20M;

           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

           proxy_set_header X-Forwarded-Proto https;

           proxy_redirect off;

           proxy_buffers 64 4k;
    }
}

upstream wploadbalance{
        least_conn;
        server wordpress;
}
Improve this question

2 Answers 2

Reset to default
1

Add these lines to wp-config.php:

if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) 
    && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Instead of adding lines to wp-config.php you can add following line directly to Apache VirtualHost configuration or .htaccess:

SetEnvIf X-Forwarded-Proto https HTTPS=on

and this line to Apache2 config:

LoadModule setenvif_module libexec/apache22/mod_setenvif.so
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.