Join Log in
Score:0
Kim Mỹ avatar Server

dockerized nginx try_files causes dockerized wordpress url(except /wp-admin) to 500 Internal Server Error or auto redirect to root domain

cn flag
Kim Mỹ

I have successfully setup a wordpress site running on a dockerized nginx. When the wordpress site is up and running, I can go to the home page: https://my_domain.com or any links or at after wp-admin/... without any problem.

But when I go to https://my_domain.com/sample-page or https://my_domain.com/post-id or any route except after \wp-admin it then:

immediately redirects to the root domain http://my_domain.com if I set:

try_files $uri $uri/ /index.php$is_args$args;

or dont auto redirect to root domain but return 500 Internal Server Error if I set(add a / after index.php):

try_files $uri $uri/ /index.php/$is_args$args;

with exception route /wp-admin/ when accessed redirects correctly to https://my_domain.com/wp-admin/login.php if not logged in and to https://my_domain.com/wp-admin/ if logged in, in all 2 of try_files cases above.

Here is my nginx config at /nginx/default.conf:

server {
    listen 80;
    listen [::]:80;
    server_name my_domain.com www.my_domain.com;

    location / {
        return 301 https://my_domain.com$request_uri;
    }
}


server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name my_domain.com www.my_domain.com;

    index index.php index.html index.htm;

    root /var/www/html/wordpress;

    ssl on;
    server_tokens off;
    ssl_certificate /etc/nginx/ssl/live/my_domain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/live/my_domain.com/privkey.pem;
    ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;

    ssl_buffer_size 8k;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
    # enable strict transport security only if you understand the implications


    location / {
          try_files $uri $uri/ /index.php$is_args$args;

          proxy_pass http://wordpress_host:80; 
          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ \.php$ {
          try_files $uri =404;
          fastcgi_split_path_info ^(.+\.php)(/.+)$;
          proxy_pass http://wordpress_host:80;
          fastcgi_index index.php;
          include fastcgi_params;
          fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
          fastcgi_param PATH_INFO $fastcgi_path_info;

          proxy_set_header Host $http_host;
          proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /\.ht {
          deny all;
    }
        
    location = /favicon.ico { 
          log_not_found off; access_log off; 
    }

    location = /robots.txt { 
          log_not_found off; access_log off; allow all; 
    }

    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
          expires max;
          log_not_found off;
    }
}

I also config at wp-config.php:

define('FORCE_SSL_ADMIN', true); 

if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') 
$_SERVER['HTTPS']='on';

define('WP_SITEURL', 'https://www.my_domain.com/');
define('WP_HOME', 'https://www.my_domain.com/');

Update:

Here the docker compose file:

version: '3';
services:
  nginx:
    image: nginx:stable-alpine
    ports:
      - "80:80" # nginx listen on 80
      - "443:443"
    volumes:
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
      - ./wordpress/app:/var/www/html/wordpress
  db:
    image: mysql:8.0
    container_name: db-example
    restart: unless-stopped
    env_file: ./wordpress/app/.env
    environment:
      - MYSQL_DATABASE=example
    volumes:
      - ./wordpress/dbdata:/var/lib/mysql
      #- ./wordpress/db/db.sql:/docker-entrypoint-initdb.d/install_wordpress.sql #if you have db.sql of project input here
    command: '--default-authentication-plugin=mysql_native_password'

  wordpress_host:
    depends_on:
      - db
    image: wordpress
    container_name: wordpress_host
    ports:
      - "8080:80"
    restart: unless-stopped
    env_file: ./wordpress/app/.env
    environment:
      - WORDPRESS_DB_HOST=db:3306
      - WORDPRESS_DB_USER=root
      - WORDPRESS_DB_PASSWORD=root
      - WORDPRESS_DB_NAME=example
    volumes:
      - ./wordpress/app:/var/www/html/wordpress
volumes:
  wordpress-host:
  dbdata

: .env file:

MYSQL_ROOT_PASSWORD=root
MYSQL_USER=example
MYSQL_PASSWORD=password
57
0 + 0
Zeitounator avatar
fr flag
Zeitounator
If you intend to use fast cgi you are using the wrong wordpress image. Look at the `*-fpm` tags. Your current setup forwards calls from your nginx config to the apache server running inside the `wordpress:latest` image. I'm pretty sure your problem comes from there.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.