Caddy as reverse_proxy for another caddy serving wordpress

rototom · April 22, 2021, 9:08pm

Thanks for your help!
I try to run a wordpress blog in an lxc container with a proxmox host.
On the host I run a caddy server.

1. Caddy version (`caddy version`):

2.3.0

2. How I run Caddy:

standard install in debian with /etc/caddy/Caddyfile as follows

a. System environment:

proxmox Linux pve 5.4.73-1-pve

b. Command:

systemctl start caddy

c. Service/unit/compose file:

d. My complete Caddyfile or JSON config:

On the host:

website.tld {
	reverse_proxy wordpress:80
}

On wordpress:

website.tld:80 {
  root * /var/www/wordpress
  php_fastcgi unix//run/php/php7.4-fpm.sock
  encode gzip
  file_server
}

3. The problem I’m having:

I’m getting this error:
Blocked loading mixed active content “http://website.tld/wp-includes/js/jquery/jquery.min.js?ver=3.5.1”

5. What I already tried:

When I run wordpress without :80 and the host with Caddyfile:

	reverse_proxy wordpress
}

I get a redirection loop.
Thank you for your help!

francislavoie · April 23, 2021, 3:36am

Right so there’s two things going on here;

The error you’re seeing talks about “mixed active content”, and this means that your page is trying to load HTTP assets on an HTTPS site. You can see that in the URL in the error, in that it has http://

In your first attempt, things worked almost fine, but since the php_fastcgi handler see the incoming request as HTTP, so it passes through http for the REQUEST_SCHEME CGI variable. This means wordpress thinks the site is served over HTTP and not HTTPS, so it puts http:// in front of the asset paths instead of https://.

One possible solution is to override that variable like this:

php_fastcgi unix//run/php/php7.4-fpm.sock {
	env REQUEST_SCHEME https
}

If that doesn’t work, you can try with with env HTTPS on, which is another possible variable wordpress might use (I’m not 100% sure on the internals of wordpress).

Another way is to actually use HTTPS between your front Caddy instance and the wordpress-serving one. You can read about how that might look here:

And finally the reason that removing :80 failed was that Caddy will try to enable automatic HTTPS, including HTTP->HTTPS redirects unless you explicitly tell it to serve HTTP (and in this case using :80 which matches the default HTTP port, turns off automatic HTTPS). So when the proxy request comes in, the wordpress Caddy instance always serves redirects. You would need to proxy to wordpress:443 to skip the redirect, but unless you configured trust (see the article above) it would still not be able to complete the TLS handshake.

rototom · April 23, 2021, 12:26pm

Thank you for your great answer!
Problems are getting strange now…
The domain “ethiobamboo.de” redirects to localhost now, seems not to change, whatever I write in the configs…
host:

ethiobamboo.de {
        reverse_proxy 192.168.178.109:80
}

Wordpress container:

ethiobamboo.de:80 {
root * /var/www/wordpress
php_fastcgi unix//run/php/php7.4-fpm.sock {
        env REQUEST_SCHEME https
        env HTTPS on
}
encode gzip
file_server
}

rototom · April 23, 2021, 12:45pm

Sorry, this was an error concerning my local dns. It works now! Thanks for your great help!

system · May 22, 2021, 9:08pm

This topic was automatically closed after 30 days. New replies are no longer allowed.