The connection is functioning and Caddy isn’t trying to get an SSL cert since I specified http specifically for the matcher.
The problem is Caddy doesn’t seem to be passing along the X-Forwarded-Proto header coming from the nginx proxy as-is to Wordpress. Wordpress thinks it’s being accessed by http and the assets on the site fail to load because Wordpress used http links to them causing a mixed content error in the browser.
(index):16 Mixed Content: The page at 'https://example.com/' was loaded over HTTPS, but requested an insecure script 'http://example.com/wp-includes/js/wp-emoji-release.min.js?ver=5.4'. This request has been blocked; the content must be served over HTTPS.
Trying to access the login/admin pages sends it into a redirect loop so they won’t load.
I confirmed this by sticking echo "HTTP-X-FORWARDED-PROTO: " . $_SERVER['HTTP_X_FORWARDED_PROTO'];
in wp-config.php just to see what the site thought it was getting and it always returns “HTTP-X-FORWARDED-PROTO: http”
Caddy’s access log shows the request coming from the nginx proxy with X-Forwarded-Proto set to https like it should be.
Is there a way I can get Caddy to pass that header along un-touched?
Is there a more appropriate way I should be setting this up? Caddy is on an internal server so it can’t do the letsencrypt dance and the nginx proxy already has the letsencrypt cert for the actual domain name.
I was racking my brain over trying to figure out how to make the standard header directive pass this along instead of just adding it as a response back to the browser. I didn’t realize header_up would work like this under php_fastcgi but it instantly solved all issues with the site, thank you.
@matt This is kind of a unique situation so I could see it interpreted different ways. To determine the protocol used between the client and the load balancer, the X-Forwarded-Proto request header can be used.
In a literal sense it would say the only hop that matters is the one from my browser to the nginx proxy (load balancer) so it would be kept the same through all the remaining hops.