Please share your working NGNIX Conf for a SSL Wordpress

Question

I have spent 20 hours trying to solve the issue of infinite 302 redirects to a HTTPS Wordpress site. I have followed the various tutorials, and discussion threads on the Internet. Whatever I try the site simply spins in an infinite 302 redirect loop.

Can someone please share a working NGNIX Conf for a Wordpress with HTTPS.

That’s all I want for Christmas right now.

Answer 1

eldin December 13, 2015

This should work :-) (I am not using WordPress)

Please generate a DH Group

mkdir /etc/nginx/tls
cd /etc/nginx/tls
openssl dhparam -out dhparams.pem 4096

Remove http2 if your NGINX version is under 1.9.5
Change ssl_protocols to TLSv1 TLSv1.1 TLSv1.2; to allow older Clients
ssl_trusted_certificate should be the full chain

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name domain.com;

    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;

    ###
    # TLS CONFIGURATION
    ###

    ##
    # BASIC
    ##

    ssl_certificate /location;
    ssl_certificate_key /location;
    ssl_trusted_certificate /location;
    ssl_protocols TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ##
    # DH PARAMS
    ##

    ssl_dhparam /etc/nginx/tls/dhparams.pem;

    ##
    # OCSP
    ##

    ssl_stapling on;
    ssl_stapling_verify on;

    ##
    # HEADERS
    ##

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    ###
    # TLS END
    ###
[...]

Reply Report

elia December 13, 2015

Awesome thanks!
Reply Report
dpanos January 4, 2016

Hello,

is this a working ssl setup? for a drupal site ( nginx 1.8.0)

server {
listen 80 defaultserver;
listen [::]:80 defaultserver ipv6only=on;

listen 443 ssl;

root /var/www/html/drupal;
index index.php index.html index.htm;

sslcertificate /etc/nginx/ssl/public.crt;
sslcertificate_key /etc/nginx/ssl/mykey.key;

errorpage 404 /404.html;
errorpage 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location = /favicon.ico {
lognotfound off;
access_log off;
}

location = /robots.txt {
allow all;
lognotfound off;
access_log off;
}

location ~ ../..php$ {
return 403;
}

location ~ ^/sites/.*/private/ {
return 403;
}

location ~ (^|/). {
return 403;
}

location / {
try_files $uri @rewrite;
}

location @rewrite {
rewrite ^ /index.php;
}

location ~ .php$ {
fastcgisplitpathinfo ^(.+.php)(/.+)$;
include fastcgiparams;
fastcgiparam SCRIPTFILENAME $requestfilename;
fastcgiintercepterrors on;
fastcgipass unix:/var/run/php5-fpm.sock;
}

location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}

location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
lognotfound off;
}
}

Thanks alot
Reply Report
- elcore January 4, 2016
  
  @dpanos @eldin here. Some information for Drupal regarding NGINX https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
  
  If you need TLS use my configuration above.
  
  Reply Report
  
  dpanos January 4, 2016
  
  Thanks a lot eldin for very quick response
  i ll check it.
  
  Reply Report

Answer 2

elia December 13, 2015

Awesome thanks!
Reply Report
dpanos January 4, 2016

Hello,

is this a working ssl setup? for a drupal site ( nginx 1.8.0)

server {
listen 80 defaultserver;
listen [::]:80 defaultserver ipv6only=on;

listen 443 ssl;

root /var/www/html/drupal;
index index.php index.html index.htm;

sslcertificate /etc/nginx/ssl/public.crt;
sslcertificate_key /etc/nginx/ssl/mykey.key;

errorpage 404 /404.html;
errorpage 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}

location = /favicon.ico {
lognotfound off;
access_log off;
}

location = /robots.txt {
allow all;
lognotfound off;
access_log off;
}

location ~ ../..php$ {
return 403;
}

location ~ ^/sites/.*/private/ {
return 403;
}

location ~ (^|/). {
return 403;
}

location / {
try_files $uri @rewrite;
}

location @rewrite {
rewrite ^ /index.php;
}

location ~ .php$ {
fastcgisplitpathinfo ^(.+.php)(/.+)$;
include fastcgiparams;
fastcgiparam SCRIPTFILENAME $requestfilename;
fastcgiintercepterrors on;
fastcgipass unix:/var/run/php5-fpm.sock;
}

location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}

location ~* .(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
lognotfound off;
}
}

Thanks alot
Reply Report
- elcore January 4, 2016
  
  @dpanos @eldin here. Some information for Drupal regarding NGINX https://www.nginx.com/resources/wiki/start/topics/recipes/drupal/
  
  If you need TLS use my configuration above.
  
  Reply Report
  
  dpanos January 4, 2016
  
  Thanks a lot eldin for very quick response
  i ll check it.
  
  Reply Report

Related

Question

Please share your working NGNIX Conf for a SSL Wordpress

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

Please share your working NGNIX Conf for a SSL Wordpress

Related

Leave a comment

Related

question

Trying to set proper WP file and directory permissions with little luck...

question

Configuring WordPress on Ubuntu w/ LEMP - ERROR: There was an error connecting to the server, Please verify the settings are correct.

question

How to set up nginx cookie free headers

question

Can't connect to localhost - Nginx, times out

Looking for something else?