SSL termination and wordpress


I’ve got a question concerning the SSL Termination on the load balancer.
I’m running a few wordpress instances, each is located in it’s own stack with it’s own mysql db.

I used to run SSL on all my wordpress sites. Right now I have it turned off because I can’t make heads or tails out of the load balancer.

When I terminate the SSL on the load balancer ( Public - HTTPS - - 443 - wordpress-Mysite - 80) this technically works, I can browse the site on SSL, but all the resources are loaded through HTTP, this breaks the entire SSL offcourse.

When I configure my wordpress sites with https in their site_url and home I’m getting too many redirects.
How would I go about fixing this issue, because I got the feeling that the rancher loadbalancer isn’t terminating all SSL traffic.

WordPress generates absolute URLs and returns them in the HTML so it needs to know the scheme (http vs https) the original request was for to generate them correctly.

The Rancher HAProxy sends this as the standard x-forwarded-proto: https header to tell the target application this. Beyond that we’re not really involved, WordPress is generating the redirects and wrong links.

The authors apparently don’t think support for this belongs in the core and would rather you monkey patch things in your config. Which seems ridiculous to me, but not surprising for WordPress… Anyway, maybe there are plugins for this.

Yeah there are multiple plugins. I know with using CloudFlare for SSL I had to install a plugin to handle that as well.

@vincent Thanks for the feedback. It has indeed always baffled my why Wordpress uses absolute links instead of relative ones. I was thinking why I never had the issue before but that was because then I wasn’t terminating SSL at the proxy, but at the backend server.

@stormerider Hi! Can you hint me on which plugins you used to get this working?
Sorry about the doublepost and didn’t know if tagging after the fact works :frowning:

We actually do the same in the Rancher API, so that an API client doesn’t have to have logic to add the right endpoint to the many links returned in the JSON. This makes curl + jq a simple but effective client. But we support the headers to proxy it correctly too.

I’m not sure what benefit WordPress gets out of it, being targeted at API clients that are already pretty good at resolving links (browsers).

Hey @Fraeco, I was having the same issue as you just yesterday, but I managed to resolve that problem and load everything through HTTPS with this plug-in:

It works, but I am not sure if it is the best way to do it, check it out. Make sure to select the maximum settings so that absolutely everything goes through HTTPS.

I am using a very similar set up like you, using the Rancher Load Balancer

On a different note, could I ask you, how you are handling several WordPress sites and their different SSL certificates on Rancher? I only have one so far but will need to get more sites in there. If you could just give me a glance of how you manage to use the load balancer to serve the multiple WordPress sites along with their SSL certs.

Thanks in advance and let me know if you have trouble with the plugin

Typically you create one shared load balancer and use host routing to direct different sites to different services.

Hey @gavargas

I’m pushing all my domains through Cloudflare (their free program). Cloudflare terminates the SSL on their end, and I import the their Origin Certificate in rancher.

As @vincent mentioned I’m using a “General” loadbalancer that has a container on each host and I’m loading the config for all my websites in that one LB.

Ultimately using this combination I was able to set my Wordpress site url to https:///

For all resources that were uploaded with http:// in the url I used Better Search Replace to find and replace all http:// to https://

If you have any questions, shoot!

1 Like

Thanks @Fraeco I got it working with your help!