Getting WordPress to work on 18.04 behind reverse proxy on SSL

On Nginx Reverse Poxy

Create a configuration file in sites-available directory and symlink it to sites-enabled

server { listen 443 ssl; server_name info.server.com; ssl on; ssl_certificate /etc/nginx/ssl/info.server.com.crt; ssl_certificate_key /etc/nginx/ssl/info.server.com.key; # ssl_prefer_server_ciphers on; # side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities ssl_protocols TLSv1.1 TLSv1.2; access_log /var/log/nginx/nginx.info.access.log; error_log /var/log/nginx/nginx.info.error.log; location / { proxy_pass "http://192.168.13.46:80"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; } } # NO 301 REDIRECT HERE server { listen 80; server_name info.server.com www.info.server.com; access_log /var/log/nginx/nginx.nonsslinfo.access.log; error_log /var/log/nginx/nginx.nonsslinfo.error.log; location / { proxy_pass "http://192.168.13.46:80"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; } }

Files Limit on Reverse Proxy

https://www.claudiokuenzler.com/blog/850/nginx-socket-failed-24-too-many-open-files. The default is set to a limit of 4096 files per (worker) process, which can be seen in /etc/default/nginx: EDITING THIS FILES DOES NOT HELP. Instead edit /etc/security/limits.conf:

sudo nano /etc/security/limits.conf # Added Nginx limits nginx soft nofile 30000 nginx hard nofile 50000 # End of file

Additionally Nginx should be told how many files can be opened. In the main config file /etc/nginx/nginx.conf add:

sudo nano /etc/nginx/nginx.conf user www-data; worker_processes 4; pid /run/nginx.pid; # 2019-05-09 Increase open files worker_rlimit_nofile 30000;
sudo service nginx # ps auxf | grep nginx root 7027 0.0 0.3 103620 13348 ? Ss 09:21 0:00 nginx: master process /usr/sbin/nginx www-data 7028 8.6 1.0 127900 40724 ? R 09:21 2:37 \_ nginx: worker process www-data 7029 8.9 1.0 127488 40536 ? S 09:21 2:44 \_ nginx: worker process www-data 7031 9.5 1.0 127792 40896 ? S 09:21 2:53 \_ nginx: worker process www-data 7032 8.1 1.0 128472 41244 ? S 09:21 2:29 \_ nginx: worker process # cat /proc/7028/limits | grep "open files" Max open files 30000 30000 files

On WordPress server

sudo apt install apache2 apachetop apache2-utils sudo apt install php libapache2-mod-php php-mysql php-curl php-imagick php-gd php-mbstring php-xml php-xmlrpc php-soap php-intl php-zip php7.2-cli php-exif php-fileinfo php-json php-pcre php-mcrypt php-zlib sudo a2enmod php7.2 sudo a2enmod rewrite sudo a2enmod deflate sudo a2enmod expires sudo systemctl restart apache2 sudo systemctl status apache2 cd /tmp curl -O https://wordpress.org/latest.tar.gz tar xzvf latest.tar.gz touch /tmp/wordpress/.htaccess cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php mkdir /tmp/wordpress/wp-content/upgrade sudo cp -a /tmp/wordpress/. /var/www/html/wordpress sudo chown -R www-data:www-data /var/www/html/wordpress

Edit the apache.conf file

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/wordpress.conf sudo nano /etc/apache2/sites-available/wordpress.conf <VirtualHost *:80> ServerName info.server.com ServerAdmin admin@server.com DocumentRoot /var/www/html/wordpress <Directory /var/www/html/wordpress/> AllowOverride All </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

wp-config.php – MOST IMPORTANT SETTING

$_SERVER[‘HTTPS’] = ‘on’;

curl -s https://api.wordpress.org/secret-key/1.1/salt/ sudo nano /var/www/html/wordpress/wp-config.php # EDIT DATABASE DETAILS # Add the SALTs received above $_SERVER['HTTPS'] = 'on';

Edit the .htaccess file

# BEGIN rlrssslReallySimpleSSL rsssl_version[3.3] <IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L] </IfModule> # END rlrssslReallySimpleSSL # BEGIN WordPress # The directives (lines) between `BEGIN WordPress` and `END WordPress` are # dynamically generated, and should only be modified via WordPress filters. # Any changes to the directives between these markers will be overwritten. <IfModule mod_rewrite.c> RewriteEngine On RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule> # END WordPress php_value upload_max_filesize 128M php_value post_max_size 128M php_value max_execution_time 300 php_value max_input_time 300

Enable the site conf and restart apache

sudo a2ensite wordpress.conf sudo apache2ctl configtest sudo systemctl restart apache2

Log in to your site and finish setup in browser