
  • aetool

    (@aetool)


    I have a unique situation. I run ipchains on Ubuntu, which is my firewall, which then passes the http or https traffic to squid, which then sends the traffic based on rules to the appropriate and separate web servers. What happens is squid has all of the certs for every https site thanks to letsencrypt. Every site is vhosted using apache.

    So here we have squid detecting if a request comes in via port 80; it sends a 301 redirect to the browser telling it to use port 443/HTTPS. Since I have a trusted network, squid translates the incoming https to HTTP and then sends it to the webserver where WP resides. To fix the “mixed content” issue, I tell the browser to use https for all links received by adding the header “upgrade-insecure-requests”. That took care of all the mixed content notices. Believe it or not, all is well except when logging out. When a user logs out, he is presented with an “are you sure” message with the title of “WordPress Error” and logout never occurs. When looking at the URL being passed to logout, it includes the correct URL plus the redirect header sent by squid.

    To fix this issue, I resorted to adding another url rule in squid that says “if URL = https:blah blah logout” then allow http, which takes care of the logout issue.

    You might ask why. To prevent bad URL requests from reaching the web server, squid provides a disconnect between the browser and the apache(http) server. Since squid can do proper translation, http and https can both be used to contact my main site. Having said that, anything that gets clicked on gets redirected to https.

    I didn’t want to dive into the code of WP to fix the logout issue. Too many red herrings. Now if someone is really interested in seeing this in action or fixing this issue, I can provide a URL for you to play with. I have a couple of WP sites set up for testing. BTW, it is NOT the nonce number that is messed up.

    Conceptually, the path looks like this:

    browser(https)->internet -> firewall->(https)squid proxy->(http)->apache2 server ->wordpress

    So, all in all things aren’t bad. They could be just a little cleaner.

    I didn’t have to change one thing in WordPress or WooCommerce. I did disable all caching plugins just to be sure. I will be testing them later to be sure they don’t cause problems. If anyone wants the result of any plugin tests, I will be happy to post them.

    Richard
