endless

endless

关注
发信
关注(28)粉丝(399)

如何在Amazon Load Balancer后面修复Wordpress HTTPS问题?

本文介绍了如何在Amazon Load Balancer后面修复Wordpress HTTPS问题?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我以前遇到过这个问题。在Amazon的EC2负载均衡器后面运行Wordpress(或其他PHP脚本)时,脚本没有意识到它们是在https://协议上运行的,并导致诸如无限重定向循环和HTTPS警告之类的问题(有关此内容的一些内容)正在以非安全的方式请求页面...)。

I've had this issue before. When running Wordpress (or other PHP scripts) behind Amazon's EC2 Load Balancer, the scripts do not realize they are being ran on the https:// protocol and results in issues such as endless redirect loops, and HTTPS warnings ("Some content on this page is being requested in a non-secure way...").

我在这里找到了一个解决方案,但需要修改Wordpress核心,这对可更新性没有好处:

I found a solution here, but requires modifying Wordpress core, which is no good for updatability:https://wordpress.org/support/topic/when-behind-amazon-web-services-elastic-load-balancer-causes-endless-redirect

有没有办法解决这个问题,而无需修改Wordpress核心?我正在使用Apache 2.2。

Is there a way to fix this without modifying Wordpress core? I am using Apache 2.2.

推荐答案

正如您提供的链接所建议的那样,对于Wordpress,问题在于 is_ssl()函数,与大多数PHP软件一样,显式检查 $ _ SERVER ['HTTPS'] $ _ SERVER ['SERVER_PORT'] 检查当前页面是否在https://上下文中被访问。

As the link you gave suggested, for Wordpress the issue lies in the is_ssl() function, which like most PHP software explicitly checks the $_SERVER['HTTPS'] and $_SERVER['SERVER_PORT'] to check if the current page is being accessed in the https:// context.

当您的页面被访问时HTTPS,但亚马逊负载均衡器正在执行SSL卸载,并且实际上在非SSL端口80,网络服务器,PHP或其他任何内容上请求您的内容,不理解或看到它是通过https://访问的。

When your page is accessed over HTTPS, but the Amazon Load Balancer is performing SSL offloading and actually requesting your content on the non-SSL port 80, the webserver, PHP, or anything else for that matter, does not understand or see that it's being accessed over https://.

对此的修复是亚马逊的ELB发送事实上的标准 X-Forwareded-Proto HTTP header,我们可以用它来确定客户端在负载均衡器的另一端使用实际的协议。

The fix for this, is that Amazon's ELB sends the de-facto standard X-Forwareded-Proto HTTP header, which we can use to figure out which protocol the client is actually using on the other side of the Load Balancer.

使用Apache 2.2 ,你可以使用一些东西e行:

With Apache 2.2, you could use something along the lines of:

<IfModule mod_setenvif.c>
  SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>

这只是读取 X-Forwared-Proto 标题,如果它等于 https ,则将 HTTPS 环境变量设置为 1 。 PHP将看到这个环境变量,最终它将变为 $ _ SERVER ['HTTPS'] 等于 1 - 就像它对真正的原生SSL请求一样。

This simply reads the X-Forwared-Proto header, and if it equals https then, sets the HTTPS environment variable to 1. PHP will see this environment variable, and eventually it will become $_SERVER['HTTPS'] that equals 1 -- just like it would be for a "real" native SSL request.

这篇关于如何在Amazon Load Balancer后面修复Wordpress HTTPS问题?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-15 07:58
Powered by LMLPHP ©2024 endless 0.034192