DEV Community: Konstantinos Kritikakis The latest articles on DEV Community by Konstantinos Kritikakis (@konkri). https://dev.to/konkri https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F1252550%2F9f705ff8-bd7e-4afc-907e-e0356f30fb77.jpg DEV Community: Konstantinos Kritikakis https://dev.to/konkri en Configure HTTPS for Wordpress on Docker using NGINX as a reverse proxy Konstantinos Kritikakis Wed, 24 Jul 2024 23:36:12 +0000 https://dev.to/konkri/configure-https-for-wordpress-on-docker-using-nginx-as-a-reverse-proxy-1a6c https://dev.to/konkri/configure-https-for-wordpress-on-docker-using-nginx-as-a-reverse-proxy-1a6c <p>If you want to host Wordpress in a Docker container but have trouble configuring HTTPS, the steps below might help you!</p> <h2> Composing the <code>docker-compose.yml</code> file </h2> <p>Let's create a <code>docker-compose.yml</code> file to define the services we are going to need.</p> <h3> First, we are going to add the <code>db</code> to the services. </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">db</span><span class="pi">:</span> <span class="na">image</span><span class="pi">:</span> <span class="s">mysql:5.7</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">db</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">3306:3306"</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">MYSQL_DATABASE</span><span class="pi">:</span> <span class="s">wordpress</span> <span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">notanotheruser</span> <span class="na">MYSQL_PASSWORD</span><span class="pi">:</span> <span class="m">1234</span> <span class="na">MYSQL_ROOT_PASSWORD</span><span class="pi">:</span> <span class="s">root1234</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db_data:/var/lib/mysql</span> </code></pre> </div> <ul> <li>We are exposing the <code>port 3306</code> in case we want to connect to the database with MySQL Workbench to take a better look.</li> <li>We are passing the <code>environment variables</code> needed to init the MySQL server as per <a href="https://hub.docker.com/_/mysql" rel="noopener noreferrer">documentation</a> </li> <li>We are creating a <code>volume</code> to keep the state of the MySQL server even after we shut down the service container.</li> </ul> <h3> After we have set up the db, we are going to add <code>wordpress</code> to the services. </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">wordpress</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">db</span> <span class="na">image</span><span class="pi">:</span> <span class="s">wordpress:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">wordpress</span> <span class="na">environment</span><span class="pi">:</span> <span class="na">WORDPRESS_DB_HOST</span><span class="pi">:</span> <span class="s">db</span> <span class="na">WORDPRESS_DB_USER</span><span class="pi">:</span> <span class="s">notanotheruser</span> <span class="na">WORDPRESS_DB_PASSWORD</span><span class="pi">:</span> <span class="m">1234</span> <span class="na">WORDPRESS_DB_NAME</span><span class="pi">:</span> <span class="s">wordpress</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./wordpress/wp-config.php:/var/www/html/wp-config.php</span> </code></pre> </div> <ul> <li>We are adding the <code>depends_on: db</code> because we want the db service to be started prior to the wordpress service.</li> <li>We are passing the <code>environment variables</code> needed to init Wordpress as per <a href="https://hub.docker.com/_/wordpress" rel="noopener noreferrer">documentation</a> </li> <li>We need to overwrite the <code>wp-config.php</code> file in the wordpress installation with our own only to add one line that is going to allow us to use https, and that is: <code>$_SERVER['HTTPS'] = 'on';</code> </li> </ul> <p>A <code>wp-config.php</code> file locally should look like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight php"><code> <span class="cp">&lt;?php</span> <span class="cd">/** * The base configuration for WordPress * * The wp-config.php creation script uses this file during the installation. * You don't have to use the website, you can copy this file to "wp-config.php" * and fill in the values. * * This file contains the following configurations: * * * Database settings * * Secret keys * * Database table prefix * * ABSPATH * * This has been slightly modified (to read environment variables) for use in Docker. * * @link https://developer.wordpress.org/advanced-administration/wordpress/wp-config/ * * @package WordPress */</span> <span class="c1">// IMPORTANT: this file needs to stay in-sync with https://github.com/WordPress/WordPress/blob/master/wp-config-sample.php</span> <span class="c1">// (it gets parsed by the upstream wizard in https://github.com/WordPress/WordPress/blob/f27cb65e1ef25d11b535695a660e7282b98eb742/wp-admin/setup-config.php#L356-L392)</span> <span class="c1">// a helper function to lookup "env_FILE", "env", then fallback</span> <span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nb">function_exists</span><span class="p">(</span><span class="s1">'getenv_docker'</span><span class="p">))</span> <span class="p">{</span> <span class="c1">// https://github.com/docker-library/wordpress/issues/588 (WP-CLI will load this file 2x)</span> <span class="k">function</span> <span class="n">getenv_docker</span><span class="p">(</span><span class="nv">$env</span><span class="p">,</span> <span class="nv">$default</span><span class="p">)</span> <span class="p">{</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$fileEnv</span> <span class="o">=</span> <span class="nb">getenv</span><span class="p">(</span><span class="nv">$env</span> <span class="mf">.</span> <span class="s1">'_FILE'</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nb">rtrim</span><span class="p">(</span><span class="nb">file_get_contents</span><span class="p">(</span><span class="nv">$fileEnv</span><span class="p">),</span> <span class="s2">"</span><span class="se">\r\n</span><span class="s2">"</span><span class="p">);</span> <span class="p">}</span> <span class="k">else</span> <span class="k">if</span> <span class="p">((</span><span class="nv">$val</span> <span class="o">=</span> <span class="nb">getenv</span><span class="p">(</span><span class="nv">$env</span><span class="p">))</span> <span class="o">!==</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$val</span><span class="p">;</span> <span class="p">}</span> <span class="k">else</span> <span class="p">{</span> <span class="k">return</span> <span class="nv">$default</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// ** Database settings - You can get this info from your web host ** //</span> <span class="cd">/** The name of the database for WordPress */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'DB_NAME'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DB_NAME'</span><span class="p">,</span> <span class="s1">'wordpress'</span><span class="p">)</span> <span class="p">);</span> <span class="cd">/** Database username */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'DB_USER'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DB_USER'</span><span class="p">,</span> <span class="s1">'example username'</span><span class="p">)</span> <span class="p">);</span> <span class="cd">/** Database password */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'DB_PASSWORD'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DB_PASSWORD'</span><span class="p">,</span> <span class="s1">'example password'</span><span class="p">)</span> <span class="p">);</span> <span class="cd">/** * Docker image fallback values above are sourced from the official WordPress installation wizard: * https://github.com/WordPress/WordPress/blob/1356f6537220ffdc32b9dad2a6cdbe2d010b7a88/wp-admin/setup-config.php#L224-L238 * (However, using "example username" and "example password" in your database is strongly discouraged. Please use strong, random credentials!) */</span> <span class="cd">/** Database hostname */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'DB_HOST'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DB_HOST'</span><span class="p">,</span> <span class="s1">'mysql'</span><span class="p">)</span> <span class="p">);</span> <span class="cd">/** Database charset to use in creating database tables. */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'DB_CHARSET'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DB_CHARSET'</span><span class="p">,</span> <span class="s1">'utf8'</span><span class="p">)</span> <span class="p">);</span> <span class="cd">/** The database collate type. Don't change this if in doubt. */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'DB_COLLATE'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DB_COLLATE'</span><span class="p">,</span> <span class="s1">''</span><span class="p">)</span> <span class="p">);</span> <span class="cd">/**#@+ * Authentication unique keys and salts. * * Change these to different unique phrases! You can generate these using * the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}. * * You can change these at any point in time to invalidate all existing cookies. * This will force all users to have to log in again. * * @since 2.6.0 */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'AUTH_KEY'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_AUTH_KEY'</span><span class="p">,</span> <span class="s1">'a04e06eaef05d9dc187680cdccb8aae37d90bfcd'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'SECURE_AUTH_KEY'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_SECURE_AUTH_KEY'</span><span class="p">,</span> <span class="s1">'f1d35321ba3ff820430674efc877f53b64bdb50e'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'LOGGED_IN_KEY'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_LOGGED_IN_KEY'</span><span class="p">,</span> <span class="s1">'5d880df893cba59fed67def1acac2c61e46c4671'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'NONCE_KEY'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_NONCE_KEY'</span><span class="p">,</span> <span class="s1">'2fe4fdf4ff93153db924369eb7bbd823f446577c'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'AUTH_SALT'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_AUTH_SALT'</span><span class="p">,</span> <span class="s1">'326143348bb31e5451cf0e838048043ea39e5351'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'SECURE_AUTH_SALT'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_SECURE_AUTH_SALT'</span><span class="p">,</span> <span class="s1">'33aa7ae0aa39497d0d13e84413061e0168eadea3'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'LOGGED_IN_SALT'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_LOGGED_IN_SALT'</span><span class="p">,</span> <span class="s1">'f032c820677ec84f4ef05a6d2e4c2547be1e7b1b'</span><span class="p">)</span> <span class="p">);</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'NONCE_SALT'</span><span class="p">,</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_NONCE_SALT'</span><span class="p">,</span> <span class="s1">'506e5adc0340e19f13b1018ecb7b7776e92b0a73'</span><span class="p">)</span> <span class="p">);</span> <span class="c1">// (See also https://wordpress.stackexchange.com/a/152905/199287)</span> <span class="cd">/**#@-*/</span> <span class="cd">/** * WordPress database table prefix. * * You can have multiple installations in one database if you give each * a unique prefix. Only numbers, letters, and underscores please! */</span> <span class="nv">$table_prefix</span> <span class="o">=</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_TABLE_PREFIX'</span><span class="p">,</span> <span class="s1">'wp_'</span><span class="p">);</span> <span class="cd">/** * For developers: WordPress debugging mode. * * Change this to true to enable the display of notices during development. * It is strongly recommended that plugin and theme developers use WP_DEBUG * in their development environments. * * For information on other constants that can be used for debugging, * visit the documentation. * * @link https://developer.wordpress.org/advanced-administration/debug/debug-wordpress/ */</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'WP_DEBUG'</span><span class="p">,</span> <span class="o">!!</span><span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_DEBUG'</span><span class="p">,</span> <span class="s1">''</span><span class="p">)</span> <span class="p">);</span> <span class="cm">/* Add any custom values between this line and the "stop editing" line. */</span> <span class="c1">// If we're behind a proxy server and using HTTPS, we need to alert WordPress of that fact</span> <span class="c1">// see also https://wordpress.org/support/article/administration-over-ssl/#using-a-reverse-proxy</span> <span class="k">if</span> <span class="p">(</span><span class="k">isset</span><span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTP_X_FORWARDED_PROTO'</span><span class="p">])</span> <span class="o">&amp;&amp;</span> <span class="nb">strpos</span><span class="p">(</span><span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTP_X_FORWARDED_PROTO'</span><span class="p">],</span> <span class="s1">'https'</span><span class="p">)</span> <span class="o">!==</span> <span class="kc">false</span><span class="p">)</span> <span class="p">{</span> <span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTPS'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'on'</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// (we include this by default because reverse proxying is extremely common in container environments)</span> <span class="k">if</span> <span class="p">(</span><span class="nv">$configExtra</span> <span class="o">=</span> <span class="nf">getenv_docker</span><span class="p">(</span><span class="s1">'WORDPRESS_CONFIG_EXTRA'</span><span class="p">,</span> <span class="s1">''</span><span class="p">))</span> <span class="p">{</span> <span class="k">eval</span><span class="p">(</span><span class="nv">$configExtra</span><span class="p">);</span> <span class="p">}</span> <span class="cm">/* That's all, stop editing! Happy publishing. */</span> <span class="cd">/** Absolute path to the WordPress directory. */</span> <span class="k">if</span> <span class="p">(</span> <span class="o">!</span> <span class="nb">defined</span><span class="p">(</span> <span class="s1">'ABSPATH'</span> <span class="p">)</span> <span class="p">)</span> <span class="p">{</span> <span class="nb">define</span><span class="p">(</span> <span class="s1">'ABSPATH'</span><span class="p">,</span> <span class="k">__DIR__</span> <span class="mf">.</span> <span class="s1">'/'</span> <span class="p">);</span> <span class="p">}</span> <span class="cd">/** Sets up WordPress vars and included files. */</span> <span class="k">require_once</span> <span class="no">ABSPATH</span> <span class="mf">.</span> <span class="s1">'wp-settings.php'</span><span class="p">;</span> <span class="nv">$_SERVER</span><span class="p">[</span><span class="s1">'HTTPS'</span><span class="p">]</span> <span class="o">=</span> <span class="s1">'on'</span><span class="p">;</span> </code></pre> </div> <blockquote> <p>Keep in mind that the Wordpress image by itself doesn't support HTTPS. Thus the need for a reverse proxy. </p> </blockquote> <h3> Finally we need to add <code>webserver</code> to the services. </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code> <span class="na">webserver</span><span class="pi">:</span> <span class="na">depends_on</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">wordpress</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx:latest</span> <span class="na">container_name</span><span class="pi">:</span> <span class="s">webserver</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">80:80"</span> <span class="pi">-</span> <span class="s2">"</span><span class="s">443:443"</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">./nginx/nginx.conf:/etc/nginx/conf.d/default.conf</span> <span class="pi">-</span> <span class="s">./nginx/certs:/etc/nginx/certs</span> </code></pre> </div> <ul> <li>We are adding the <code>depends_on: wordpress</code> because we want the wordpress service to be started prior to the webserver service.</li> <li>We are exposing both <code>port 80</code> and <code>443</code>.</li> <li>We need to pass a <code>nginx.conf</code> file that allows for the reverse proxy to be possible as well as <code>.crt</code> and <code>.key</code> files for the SSL.</li> </ul> <p>A <code>nginx.conf</code> file locally should look like this:</p> <div class="highlight js-code-highlight"> <pre class="highlight conf"><code> <span class="n">server</span> { <span class="n">listen</span> <span class="m">80</span>; <span class="n">location</span> / { <span class="n">proxy_pass</span> <span class="n">http</span>://<span class="n">wordpress</span>; <span class="n">proxy_set_header</span> <span class="n">Host</span> $<span class="n">host</span>; <span class="n">proxy_set_header</span> <span class="n">X</span>-<span class="n">Real</span>-<span class="n">IP</span> $<span class="n">remote_addr</span>; <span class="n">proxy_set_header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">For</span> $<span class="n">proxy_add_x_forwarded_for</span>; <span class="n">proxy_set_header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span> $<span class="n">scheme</span>; } } <span class="n">server</span> { <span class="n">listen</span> <span class="m">443</span> <span class="n">ssl</span>; <span class="n">ssl_certificate</span> /<span class="n">etc</span>/<span class="n">nginx</span>/<span class="n">certs</span>/<span class="n">nginx</span>.<span class="n">crt</span>; <span class="n">ssl_certificate_key</span> /<span class="n">etc</span>/<span class="n">nginx</span>/<span class="n">certs</span>/<span class="n">nginx</span>.<span class="n">key</span>; <span class="n">location</span> / { <span class="n">proxy_pass</span> <span class="n">http</span>://<span class="n">wordpress</span>; <span class="n">proxy_set_header</span> <span class="n">Host</span> $<span class="n">host</span>; <span class="n">proxy_set_header</span> <span class="n">X</span>-<span class="n">Real</span>-<span class="n">IP</span> $<span class="n">remote_addr</span>; <span class="n">proxy_set_header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">For</span> $<span class="n">proxy_add_x_forwarded_for</span>; <span class="n">proxy_set_header</span> <span class="n">X</span>-<span class="n">Forwarded</span>-<span class="n">Proto</span> $<span class="n">scheme</span>; } } </code></pre> </div> <blockquote> <p>In order to serve HTTPS content, an SSL certificate is required.</p> </blockquote> <p>For development purposes I used this <a href="https://www.samltool.com/self_signed_certs.php" rel="noopener noreferrer">online tool</a> to generate my self-signed certificate (<code>.crt</code> and <code>.key</code> files). Feel free to use <a href="https://hub.docker.com/r/certbot/certbot" rel="noopener noreferrer">certbot</a> or <a href="https://docs.openssl.org/master/" rel="noopener noreferrer">openssl</a></p> <h2> Finally, fingers crossed, we are ready to run <code>docker-compose up</code>! </h2> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5pz50aumts4dub23j1t3.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F5pz50aumts4dub23j1t3.png" alt="docker-compose up"></a></p> <p>After the setup process, if you go to Settings you will see that the <code>https</code>has been added to the <code>WordPress Address</code> and the <code>Site Address</code></p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9x65tjm39e1rwsb4g7lr.png" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F9x65tjm39e1rwsb4g7lr.png" alt="https result"></a></p> <h2> That's it! </h2> <p>I had trouble myself to setup https for wordpress so I thought once I figured it out I should share. Feel free to share any feedback! Thanks and have a great day!</p> <p>Here is the <a href="https://github.com/KonKri/docker-wordpress-https-nginx" rel="noopener noreferrer">GitHub repo</a> with the code used.</p> <p><a href="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqb0wreadh8odktw0h0ot.gif" class="article-body-image-wrapper"><img src="https://media.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqb0wreadh8odktw0h0ot.gif" alt="that's all folks"></a></p> docker https nginx wordpress