Nginx – Port number being added to WordPress admin after Varnish install

nginxvarnishWordpress

I added Varnish in front of nginx. When I try to login to WordPress, I go to domain.com/wp-admin but I'm now redirected to domain.com:8080/wp-admin. I can manually remove the port and the admin side functions the way it should.

My Varnish config:

backend origin {
    .host = "localhost";
    .port = "8080";
    .connect_timeout = 60s;
    .first_byte_timeout = 60s;
    .between_bytes_timeout = 60s;
}
acl purge {
    "localhost";
}
sub vcl_recv {
    set req.backend = origin;
    set req.http.X-Forwarded-For = client.ip;
    if(req.url ~ "^/wp-(login|admin)" || req.http.Cookie ~ "wordpress_logged_in_") {
        return (pass);
    }
    if(req.url ~ "/xmlrpc.php") {
        return(pass);
    }
    if( req.url ~ "\?s=" ){
        return (pass);
    }
    if (req.request == "BAN") {
        if(!client.ip ~ purge) {
            error 405 "Not allowed.";
        }
        ban("req.url ~ "+req.url+" && req.http.host == "+req.http.host);
        error 200 "Banned.";
    }
    if (req.request != "GET" && req.request != "HEAD" && req.request != "PUT" && req.request != "POST" && req.request != "TRACE" && req.request != "OPTIONS" && req.request != "DELETE") {
        return (pipe);
    }
    if (req.request != "GET" && req.request != "HEAD") {
        return (pass);
    }
    unset req.http.Cookie;
    return (lookup);
}
sub vcl_hit {
    if (req.request == "PURGE") { purge; }
    return (deliver);
}
sub vcl_miss {
    if (req.request == "PURGE") { purge; }
    return (fetch);
}
sub vcl_fetch {
    unset beresp.http.Server;
    unset beresp.http.X-Powered-By;
    if (beresp.status == 404) {
        set beresp.ttl = 0m;
    return(hit_for_pass);
    }
    if( beresp.http.Set-Cookie && req.url !~ "^/wp-(login|admin)" ){
        unset beresp.http.Set-Cookie;
    }
    if ( req.request == "POST" || req.http.Authorization ) {
        return (hit_for_pass);
    }
    if ( beresp.status != 200 ) {
        return (hit_for_pass);
    }
    if( req.url ~ "\?s=" ){
        return (hit_for_pass);
    }
    set beresp.ttl = 5m;
    return (deliver);
}
sub vcl_deliver {
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
    unset resp.http.Via;
    unset resp.http.X-Varnish;
}
sub vcl_error {
    if (obj.status == 503 && req.restarts < 2) {
        set obj.http.X-Restarts = req.restarts;
        return(restart);
    }
    if (obj.status == 301) {
        set obj.http.Location = req.url;
        set obj.status = 301;
        return(deliver);
    }
    if (obj.status == 750) {
        set obj.http.Location = obj.response;
        set obj.status = 302;
        return (deliver);
    }
}

Best Answer

I think you are wrong that the redirect only appends the port, without also postfixing a slash to the end of the URL.

After catching that issue, it's pretty clear that this an internal redirect that is done by nginx when it encounters that a directory is being accessed without a trailing slash.

You would use http://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect to disable the port from being appended:

port_in_redirect off;

This solution will work great as long as you don't rely on such redirects when trying to access nginx directly on port 8080, and as long as the Host names match between varnish and nginx.

Related Solutions

Nginx – Protecting WordPress Admin interface on an alternate port

This might help you, as of wordpress 2.6 you can force the admin and login areas to be ssled.

http://codex.wordpress.org/Administration_Over_SSL

  define('FORCE_SSL_LOGIN', true);
  define('FORCE_SSL_ADMIN', true);

Sometimes, you want your whole wp-admin to run over a secure connection using the https protocol. Conceptually, the procedure works like this:

Set up two virtual hosts with the same url (the blog url), one secure, the other not. On the secure virtual host, set up a rewrite rule that shuttles all non-wp-admin traffic to the insecure site. On the insecure virtual host, set up a rewrite rule that shuttles all traffic to wp-admin to the secure host. Put in a filter (via a plugin) that filters the links in wp-admin so that once activated, administrative links are rewritten to use https and that edits cookies to work only over encrypted connections.

The plugin they mention is called admin ssl.

Nginx – Configure php5-fpm for many concurrent users

I suspect your varnish cache is not caching anywhere near enough of the hits

here's what I would do in your situation:

Lower php max children to 100 or even 50 (if varnish does its job properly you don't need them) also remove the max requests line to allow the php processes not to respawn too quickly and thus prevent APC from being cleared too quickly which is also bad

also IF is not good according to nginx - http://wiki.nginx.org/IfIsEvil

I would change this line:

            if (!-e $request_filename) {
                    rewrite ^(.+)$ /index.php?q=$1 last;
            }

to:

try_files $uri $uri/ /index.php?$args;

If your version of nginx supports it (pretty certain if your nginx version is > 0.7.51 then it supports it)

you should also look at inserting the w3tc nginx rules direct into your vhost file to enabled proper disk enhanced caching of pages (which is faster than APC caching with nginx)

Take a look at the following varnish vcl which I use for sites - you will need to read through and edit a few things for your website - it also assumes that its only WP sites on the server and only 1 site on the server, it can easily be modified for more sites (take a look at the cookie section)

generic vcl: https://gist.github.com/b7332971a848bcb7ecef

With this config I would argue to remove fastcgi_cache to prevent any possible issues with a cache-chain occurring whereby trying locate any stray stale cache entries is more difficult

also tell w3tc that varnish is at 127.0.0.1 and it will purge it for you ;)

I deployed this to a server on Wednesday evening (with a few domain specific modifications) that was handling 2500 active site visitors it reduced load to less than 1 and the approx number of running php children was around 10-20 (this number does depend on number of logged in users and other factors like cookies) this server did have much more ram but the principle is the same, you should be able to easily handle the number of visitors you get at peaks

Best Answer

Related Solutions

Nginx – Protecting WordPress Admin interface on an alternate port

Nginx – Configure php5-fpm for many concurrent users

Related Topic