Nginx reverse proxy to Apache doesn't allow query strings in WordPress admin


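I'm running WordPress on a DigitalOcean droplet. It worked fine with the Apache server, but I put it behind an Nginx reverse proxy to serve static files better. The front-end site works, but I'm having problems in the wp-admin area.

I can access the main wp-admin section (domain.com/wp-admin) and any .php page (for example /wp-admin/upload.php) without problems, but whenever I need to list something by post type, for example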

/wp-admin/post-new.php?post_type=page

or

/wp-admin/edit.php?post_type=product

I get "Invalid post type".

I assume it's the nginx configuration. I believe this is the only .conf file I edited when setting up nginx (it is in /etc/nginx/sites-available):

server {
listen 80;
listen 443;
server_name domain.com www.domain.com;
root /var/www/html;
index index.php index.htm index.html;

ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

location / {
    try_files $uri $uri/ /index.php?$request_uri$query_string$is_args$args;
}

location ~ \.php$ {
    proxy_pass http://ipaddress:85$request_uri$query_string$is_args$args;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

location ~ /\. {
    deny all;
}
}

Can anyone help me figure out what's going on here? Or at least tell me where I can debug it.

Edit: found this in my Apache access log:

10.15.0.2 - - [07/Dec/2017:17:15:05 +0000] "GET /wp-admin/edit.php?post_type=page?post_type=page HTTP/1.0" 500 3814 "www.domain.net/wp-admin/post.php?post=2&action=edit" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0"

Answer 1

I found the problem, and it was a silly one:

location ~ \.php$ {
    proxy_pass http://ipaddress:port$request_uri;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

instead of

location ~ \.php$ {
proxy_pass http://ipaddress:85$request_uri$query_string$is_args$args;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

}

$is_args$args was causing the duplicate query string.
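Added example, not part of the original answer: a small Python model of how nginx expands `$request_uri`, `$query_string`, `$is_args` and `$args`, plus a check that flags doubled query strings in backend access-log lines. The function names (`expand`, `doubled_query`, `scan`) and the sample log lines are assumptions made for illustration.

```python
import re

VARS = re.compile(r"\$(request_uri|query_string|is_args|args)")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def expand(template, request_uri):
    """Expand the nginx variables from the question for one client request."""
    args = request_uri.partition("?")[2]
    values = {
        "request_uri": request_uri,       # original URI, query string included
        "query_string": args,             # same value as $args
        "is_args": "?" if args else "",   # empty when there is no query string
        "args": args,
    }
    return VARS.sub(lambda m: values[m.group(1)], template)

def doubled_query(target):
    """True if a raw parameter value contains '?' or another 'name=' pair."""
    query = target.partition("?")[2]
    pairs = [part.partition("=")[::2] for part in query.split("&") if part]
    names = {name for name, _ in pairs}
    return any("?" in value or any(f"{n}=" in value for n in names)
               for _, value in pairs)

def scan(log_lines):
    """Return request targets in access-log lines that carry a doubled query."""
    targets = (m.group(1) for m in map(REQUEST.search, log_lines) if m)
    return [t for t in targets if doubled_query(t)]

# Constructed sample: two access-log lines shaped like the one in the question.
SAMPLE_LOG = [
    '10.15.0.2 - - [07/Dec/2017:17:15:05 +0000] '
    '"GET /wp-admin/edit.php?post_type=page?post_type=page HTTP/1.0" 500 3814',
    '10.15.0.2 - - [07/Dec/2017:17:16:10 +0000] '
    '"GET /wp-admin/post.php?post=2&action=edit HTTP/1.0" 200 5120',
]

if __name__ == "__main__":
    uri = "/wp-admin/edit.php?post_type=page"
    for template in ("$request_uri$is_args$args", "$request_uri"):
        print(f"{template:28} -> {expand(template, uri)}")
    print("flagged:", scan(SAMPLE_LOG))
```

Requests without a query string expand unchanged under either template, which is why plain pages such as /wp-admin/upload.php kept working.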

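Answer 2

Generally, check the nginx error log in /var/log/nginx/error.log. Failing POST requests may be caused by nginx being unable to write temporary files.

Also, try a configuration like the following: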

server {
    listen 80;
    server_name _;
    root /var/www/html;
    index index.php index.html index.htm;

    error_log /var/log/nginx/error.log;

    location / {
        # Send requests to backend Apache
        proxy_pass http://ipaddress:port;
        # Send appropriate headers to the backend
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/
        proxy_set_header Proxy "";

        # Hide unneeded headers from the backend
        proxy_hide_header X-Powered-By;
        proxy_hide_header X-Pingback;
        proxy_hide_header X-Link;

        # Ignore following headers
        proxy_ignore_headers X-Accel-Expires;
        proxy_ignore_headers Cache-Control;
        proxy_ignore_headers Expires;
        proxy_ignore_headers Set-Cookie;

        # Set files larger than 1M to stream rather than cache
        proxy_max_temp_file_size 1M;
    }

    # Enable browser caching for image files
    location ~* \.(css|js|gif|jpe?g|png)$ {
        expires 15d;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }

    # Prevent hidden files (beginning with a period) from being served, and
    # disable access to the wp-config and readme files
    # (dots escaped so they match literally; WordPress ships license.txt)
    location ~ /(\.|wp-config\.php|readme\.html|licen[cs]e\.txt|readme\.txt) { return 404; }

    # Disable access to PHP files inside uploads/ directory
    location ~* /uploads/.*\.php$ { deny all; }
    location ~* (wp-includes|includes)$ { deny all; }

    # Disable direct access to cache directory
    location /wp-content/cache/ { deny all; }
}
