I have successfully setup a wordpress site running on a dockerized nginx. When the wordpress site is up and running, I can go to the home page: https://my_domain.com
or any links or at after wp-admin/...
without any problem.
But when I go to https://my_domain.com/sample-page
or https://my_domain.com/post-id
or any route except after \wp-admin
it then:
immediately redirects to the root domain http://my_domain.com
if I set:
try_files $uri $uri/ /index.php$is_args$args;
or dont auto redirect to root domain but return 500 Internal Server Error
if I set(add a /
after index.php):
try_files $uri $uri/ /index.php/$is_args$args;
with exception route /wp-admin/
when accessed redirects correctly to https://my_domain.com/wp-admin/login.php
if not logged in and to https://my_domain.com/wp-admin/
if logged in, in all 2 of try_files cases above.
Here is my nginx config at /nginx/default.conf:
server {
listen 80;
listen [::]:80;
server_name my_domain.com www.my_domain.com;
location / {
return 301 https://my_domain.com$request_uri;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name my_domain.com www.my_domain.com;
index index.php index.html index.htm;
root /var/www/html/wordpress;
ssl on;
server_tokens off;
ssl_certificate /etc/nginx/ssl/live/my_domain.com/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/live/my_domain.com/privkey.pem;
ssl_dhparam /etc/nginx/dhparam/dhparam-2048.pem;
ssl_buffer_size 8k;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
location / {
try_files $uri $uri/ /index.php$is_args$args;
proxy_pass http://wordpress_host:80;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
proxy_pass http://wordpress_host:80;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico {
log_not_found off; access_log off;
}
location = /robots.txt {
log_not_found off; access_log off; allow all;
}
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
}
I also config at wp-config.php:
define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https')
$_SERVER['HTTPS']='on';
define('WP_SITEURL', 'https://www.my_domain.com/');
define('WP_HOME', 'https://www.my_domain.com/');
Update:
Here the docker compose file:
version: '3';
services:
nginx:
image: nginx:stable-alpine
ports:
- "80:80" # nginx listen on 80
- "443:443"
volumes:
- ./nginx/default.conf:/etc/nginx/conf.d/default.conf:ro
- ./wordpress/app:/var/www/html/wordpress
db:
image: mysql:8.0
container_name: db-example
restart: unless-stopped
env_file: ./wordpress/app/.env
environment:
- MYSQL_DATABASE=example
volumes:
- ./wordpress/dbdata:/var/lib/mysql
#- ./wordpress/db/db.sql:/docker-entrypoint-initdb.d/install_wordpress.sql #if you have db.sql of project input here
command: '--default-authentication-plugin=mysql_native_password'
wordpress_host:
depends_on:
- db
image: wordpress
container_name: wordpress_host
ports:
- "8080:80"
restart: unless-stopped
env_file: ./wordpress/app/.env
environment:
- WORDPRESS_DB_HOST=db:3306
- WORDPRESS_DB_USER=root
- WORDPRESS_DB_PASSWORD=root
- WORDPRESS_DB_NAME=example
volumes:
- ./wordpress/app:/var/www/html/wordpress
volumes:
wordpress-host:
dbdata
:
.env file:
MYSQL_ROOT_PASSWORD=root
MYSQL_USER=example
MYSQL_PASSWORD=password