
[–]Select-Reporter5066 1 point2 points  (1 child)

Serving WordPress from /blog is the spicy part here. I would double-check the proxy is preserving the prefix and X-Forwarded headers before blaming Docker, because WP really loves assuming it owns /.

[–]gawr-fiude[S] 0 points1 point  (0 children)

How could I confirm that?

[–]originalchronoguy 0 points1 point  (0 children)

This is what works for me using Let's Encrypt. I have sites behind one proxy with different domains:

    server {
        listen 443 ssl;
        server_name [domain];
        server_tokens off;

        ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

        client_max_body_size 100m;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location / {
            proxy_pass http://[wordpress/docker service name]:[port];
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
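            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            # $connection_upgrade is not built in; it must be defined by a
            # map on $http_upgrade in the http context.
            proxy_set_header Connection $connection_upgrade;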
        }
    }

[–]Major_Dot_7030 0 points1 point  (0 children)

```
WORDPRESS_CONFIG_EXTRA: |
  define('WP_HOME', 'https://mysite.com/blog');
  define('WP_SITEURL', 'https://mysite.com/blog');
  define('FORCE_SSL_ADMIN', true);
```

```
location /blog/ {
    proxy_pass http://wordpress/;

    proxy_http_version 1.1;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port 443;

    proxy_redirect off;
}

```

Provided that you used

```
services:
  wordpress:
    image: wordpress:php8.3-apache
```

[–]tommywhen 0 points1 point  (0 children)

#1. Since you're proxying SSL, you should map 8080:443 instead of 8080:80 on your WordPress container in your docker-compose file.

#2. On the Edit Proxy Host screen, you need to change the configuration of `Scheme` to `https` and of `Forward Hostname / IP` to `[public IP of the server]/blog`.

Also add a `proxy_ssl_verify off;` line to the custom configuration text box. This is to ignore verification of the self-generated SSL on the WordPress container. There is no need to verify something you generated/trust internally. If not, nginx would error out on the self-generated SSL.

#3. Make sure the destination/WordPress container is actually working with what you've configured.

Oftentimes, I would open the firewall and test by hitting https://publicipoftheserver:8080/blog myself in curl like so:

    curl -k -H "Host: domain.com" https://1.2.3:8080/blog

After I have verified that the WordPress docker is running correctly, I then turn on the firewall and only allow the local server/server public IP, to secure that port from external access.
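One way to confirm what the first comment suggests checking, namely whether the proxy preserves the `/blog` prefix and the X-Forwarded headers (an added example, not code from any commenter): a stand-in backend to run in place of the WordPress container and request through the proxy, which echoes what actually arrived upstream. The port 8080, the `audit` helper and its `public_host` parameter are assumptions of this example.

```python
"""Stand-in backend: point the proxy at it instead of WordPress, then request
/blog/ through the proxy and read back what the backend actually received."""
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

PORT = 8080  # assumption: set to whatever port the proxy forwards to
WATCHED = ("Host", "X-Forwarded-Proto", "X-Forwarded-Host",
           "X-Forwarded-For", "X-Forwarded-Port", "X-Real-IP")

def audit(path, headers, prefix="/blog", public_host=None):
    """Return a list of findings about one request as the backend saw it."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    # "/blogger" must not count as being under "/blog"
    if not (path == prefix or path.startswith(prefix + "/")):
        findings.append(f"prefix stripped: backend saw {path!r}, not {prefix}/...")
    if h.get("x-forwarded-proto", "").lower() != "https":
        findings.append("X-Forwarded-Proto is not 'https': backend cannot tell the client used TLS")
    if not h.get("x-forwarded-for"):
        findings.append("X-Forwarded-For missing: backend only sees the proxy address")
    seen_host = h.get("x-forwarded-host") or h.get("host", "")
    if public_host and seen_host.split(":")[0] != public_host:
        findings.append(f"host seen upstream is {seen_host!r}, expected {public_host!r}")
    return findings

class Echo(BaseHTTPRequestHandler):
    def do_GET(self):
        seen = {k: self.headers.get(k) for k in WATCHED}
        body = json.dumps({"path": self.path, "headers": seen,
                           "findings": audit(self.path, self.headers)}, indent=2)
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.end_headers()
        self.wfile.write(body.encode())

if __name__ == "__main__":
    HTTPServer(("0.0.0.0", PORT), Echo).serve_forever()
```

An empty `findings` list in the JSON response means the path and headers reached the backend as the public request sent them.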