It’s set up this way because haproxy can’t really do vhosts and sometimes you need to limit access per vhost.
OTOH, haproxy can do restrictions on a per-URL basis much better (IMO) than Nginx.

There are up to several hundred vhosts there and sometimes you want to limit stuff on any one of them.

Plus, as I said, haproxy’s handling of certificates is sometimes very convenient. I run Let’s Encrypt on almost all of these vhosts and due to the way they are provisioned, it’s much easier than dealing with the individual Nginx configuration files.

I will try and activate SSL without the Really Simple SSL plugin, maybe it is doing something weird - though with all the SSL offloading going on these days, you’d think this isn’t too unusual a case…

> On 09.02.2021 at 05:08, Ali Mohsin <aliofthemohs...@gmail.com> wrote:
>
> Hi, normally when I get an infinite loop with SSL, it's usually because of
> redirection of http to https. Sometimes the front proxy (Cloudflare or haproxy)
> is expecting simple http traffic and it gets https traffic and vice versa.
> Also check your WordPress settings and its URL. Try changing it.
> And why are you using so much stuff just for WordPress? Simple nginx,
> php-fpm, fcgi cache works for me. And rate limiting works in nginx too. Try
> simplifying the setup so there are fewer variables to deal with.
>
> On Mon, 8 Feb 2021, 10:16 PM Rainer Duffner, <rai...@ultra-secure.de> wrote:
> Hi,
>
> I have an interesting problem.
>
> I have apache behind Nginx behind haproxy.
>
> SSL is terminated with haproxy (because haproxy can load all certificates
> from a single directory, and because some rate-limiting stuff is easier with
> haproxy).
> This makes using Let’s Encrypt easier.
>
> Sometimes, I want to do Nginx + fastcgi + php-fpm directly, without apache
> (it’s measurably faster).
>
> For apache, you need this in the configuration:
>
> proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
>
> (and for good measure, also this:
> SetEnvIf X-Forwarded-Proto "^https$" HTTPS=on
> )
>
> For fast-cgi, one also needs this in the configuration (fastcgi_params):
>
> fastcgi_param HTTPS $fwd_ssl;
>
> $fwd_ssl is generated by this map:
>
> map $http_x_forwarded_proto $fwd_ssl {
>     http off;
>     https on;
> }
>
> in the global http section.
>
> In WordPress, when I enable “Really Simple SSL”, I get a redirect loop (to
> https) on the front page (as an unauthenticated user) but the backend works.
>
> I wonder what WordPress is missing so that it still thinks the connection is
> coming over http instead of https.
>
> Any ideas?
>
> Best Regards
> Rainer
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
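Added example, not part of the original thread: a small Python model of the chain discussed above (TLS-terminating proxy, the quoted `map`, a PHP backend), showing how a lost `X-Forwarded-Proto` turns into an https-to-https self-redirect. The `map` values come from the quoted config and `is_ssl` mirrors the test in WordPress core; the redirect rule in `backend`, the `follow` helper, the `forward_header` switch and the host `example.test` are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def nginx_map_fwd_ssl(x_forwarded_proto):
    # The quoted map: http -> off, https -> on. It has no default entry,
    # so any other value (or a missing header) yields the empty string.
    return {"http": "off", "https": "on"}.get((x_forwarded_proto or "").lower(), "")

def is_ssl(server):
    # Same decision WordPress core's is_ssl() makes on $_SERVER.
    https = server.get("HTTPS")
    if https is not None:
        return https.lower() == "on" or https == "1"
    return server.get("SERVER_PORT") == "443"

def backend(url, x_forwarded_proto):
    # Assumed behaviour: force https unless the request already looks like TLS.
    # The backend itself always listens on plain port 80 behind the proxies.
    server = {"HTTPS": nginx_map_fwd_ssl(x_forwarded_proto), "SERVER_PORT": "80"}
    if is_ssl(server):
        return 200, None
    parts = urlsplit(url)
    return 301, "https://" + parts.netloc + parts.path

def follow(url, forward_header=True, max_hops=10):
    """Follow redirects; return ('ok' | 'loop' | 'too many hops', hops)."""
    hops = []
    while len(hops) < max_hops:
        if url in hops:
            return "loop", hops + [url]
        hops.append(url)
        # The TLS terminator derives X-Forwarded-Proto from the client's scheme.
        # forward_header=False models a hop that fails to pass it on.
        proto = urlsplit(url).scheme if forward_header else None
        status, location = backend(url, proto)
        if status == 200:
            return "ok", hops
        url = location
    return "too many hops", hops

if __name__ == "__main__":
    for forwarded in (True, False):
        print(forwarded, follow("http://example.test/", forward_header=forwarded))
```

A hop list that ends with the same https URL twice means the backend never saw `HTTPS=on`, so the place to look is what each layer actually forwards, not the client-facing redirect.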