Caddy2 w/WordPress behind Caddy2 reverse proxy

1. Caddy version (caddy version):

caddy version   # file server
v2.2.1 h1:Q62GWHMtztnvyRU+KPOpw6fNfeCD3SkwH7SfT1Tgt2c=

caddy version   # reverse proxy
v2.2.2-0.20201022184206-b6e96d6f4a55 h1:P1bdaliL0KA5wk2Kq6ZzvgWmcTpBGH4Jus+laXHEN0Y=

2. How I run Caddy:

a. System environment:

freebsd-version
11.3-RELEASE-p14

b. Command:

service caddy start

c. Service/unit/compose file:

n/a

d. My complete Caddyfile or JSON config:

Caddyfile for the WordPress file server

:80 {
  root * /usr/local/www/wordpress
  encode gzip
  php_fastcgi 127.0.0.1:9000 {
    env SERVER_PORT 80
  }
  file_server

  log {
    format json
    output file /var/log/access.log {
      roll_keep 7
    }
  }

  # External access denied to these files.
  @forbidden {
    path /wp-content/uploads/*.php
    path /.user.ini
    path /wp-content/debug.log
  }

  respond @forbidden 404
}

Caddyfile for the Caddy reverse proxy

(tlsdns) {
  tls {
    dns cloudflare <api_token>
  }
}

(authproxy) {
  basicauth {args.0} {
    admin <hashed-password>
  }
}

(logging) {
  log {
    format json
    output file /var/log/caddy/{args.0}.log {
      roll_keep 7
    }
  }
}

blog.udance.com.au {

  encode gzip
  import tlsdns
  import authproxy /phpmyadmin*
  import logging blog

  reverse_proxy http://10.1.1.4
}

3. The problem I’m having:

n/a

4. Error messages and/or full log output:

n/a

5. What I already tried:

More a point of clarification. I did review the thread Caddy2 w/Wordpress behind nginx reverse proxy, which is very similar to this thread, the difference being an nginx reverse proxy being used there. I must admit to not fully understanding everything that was said.

My question relates to this WordPress extract about placing WordPress behind a reverse proxy.

If WordPress is hosted behind a reverse proxy that provides SSL, but is hosted itself without SSL, these options will initially send any requests into an infinite redirect loop. To avoid this, you may configure WordPress to recognize the HTTP_X_FORWARDED_PROTO header (assuming you have properly configured the reverse proxy to set that header).

# Code to add to wp-config.php when WordPress is behind a reverse proxy

define('FORCE_SSL_ADMIN', true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
// (isset avoids a notice when the header is absent)
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])
    && strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}

My question is about the bit of the quoted text ‘assuming you have properly configured the reverse proxy to set that header’. Do I need to explicitly set anything in the Caddyfile for the reverse proxy?

6. Links to relevant resources:

  1. Caddy2 w/Wordpress behind nginx reverse proxy
  2. https://wordpress.org/support/article/administration-over-ssl/#using-a-reverse-proxy

Per the documentation:

By default, Caddy passes thru incoming headers to the backend—including the Host header—without modifications, with two exceptions:

It adds or augments the X-Forwarded-For header field.
It sets the X-Forwarded-Proto header field.

3 Likes
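
The wp-config.php snippet quoted in the question acts on X-Forwarded-Proto no matter which host sent the request. As an added example (not code from this thread, WordPress or Caddy), the variant below honors the header only when the connection comes from the reverse proxy; the helper name `forwarded_https` and the proxy address `10.1.1.1` are assumptions, since the thread does not give the proxy's address.

```php
<?php
// Added example: not code from the thread, WordPress or Caddy.
// ASSUMPTION: constructed placeholder for the address the backend sees the
// Caddy reverse proxy connecting from; replace it with the real proxy address.
const TRUSTED_PROXIES = ['10.1.1.1'];

// Hypothetical helper: true only when a trusted proxy reports an https hop.
function forwarded_https(array $server, array $trusted): bool
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        return false; // header supplied by something other than the proxy
    }
    $proto = strtolower($server['HTTP_X_FORWARDED_PROTO'] ?? '');
    // The header may be a comma-separated list such as "http,https";
    // compare whole tokens instead of searching for a substring.
    $tokens = array_map('trim', explode(',', $proto));
    return in_array('https', $tokens, true);
}

// Wiring for wp-config.php, next to define('FORCE_SSL_ADMIN', true):
if (forwarded_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed sample requests (not taken from any log) to show the outcomes.
$samples = [
    'via proxy, https'           => ['REMOTE_ADDR' => '10.1.1.1',  'HTTP_X_FORWARDED_PROTO' => 'https'],
    'via proxy, list'            => ['REMOTE_ADDR' => '10.1.1.1',  'HTTP_X_FORWARDED_PROTO' => 'http, https'],
    'via proxy, plain http'      => ['REMOTE_ADDR' => '10.1.1.1',  'HTTP_X_FORWARDED_PROTO' => 'http'],
    'via proxy, header missing'  => ['REMOTE_ADDR' => '10.1.1.1'],
    'direct client, header set'  => ['REMOTE_ADDR' => '10.1.1.50', 'HTTP_X_FORWARDED_PROTO' => 'https'],
];
foreach ($samples as $label => $server) {
    $result = forwarded_https($server, TRUSTED_PROXIES) ? 'HTTPS on' : 'unchanged';
    printf("%-28s => %s\n", $label, $result);
}
```

The peer check only matters when hosts other than the proxy can reach the backend on port 80; restricting that port to the proxy at the firewall covers the same gap at the network layer.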

Yes, thanks for the reference. I did read that, but clearly, it didn’t register with me at the time. I see now that Caddy implicitly sets the X-Forwarded-Proto header field that is referenced in the snippet of WP code.

1 Like
